bug-mcron

Re: [PATCH v2] base: Handle nonexistent user home directories.


From: Dale Mellor
Subject: Re: [PATCH v2] base: Handle nonexistent user home directories.
Date: Fri, 03 Sep 2021 13:26:11 +0100
User-agent: Evolution 3.38.3-1

On Tue, 2021-08-17 at 19:23 -0400, Maxim Cournoyer wrote:
> This is useful for running jobs as the "nobody" user, for
> example.
> 
> * src/mcron/base.scm (run-job): Catch the ENOENT (2, "No such
> file or
> directory") error when attempting to change directory to the
> user home
> directory.
> ---
>  src/mcron/base.scm | 12 +++++++++++-
>  1 file changed, 11 insertions(+), 1 deletion(-)
> 
> diff --git a/src/mcron/base.scm b/src/mcron/base.scm
> index f7b727d..037a9b7 100644
> --- a/src/mcron/base.scm
> +++ b/src/mcron/base.scm
> @@ -182,7 +182,17 @@ next value."
>          (λ ()
>            (setgid (passwd:gid (job:user job)))
>            (setuid (passwd:uid (job:user job)))
> -          (chdir (passwd:dir (job:user job)))
> +          ;; Handle the case where the home directory points
> to a nonexistent
> +          ;; location, as can be the case when running the job
> as the "nobody"
> +          ;; user.
> +          (catch 'system-error
> +            (lambda ()
> +              (chdir (passwd:dir (job:user job))))
> +            (lambda args
> +              (let ((errno (system-error-errno args)))
> +                (cond
> +                 ((= ENOENT errno) (chdir "/"))
> +                 (else (throw 'system-error args))))))
>            (modify-environment (job:environment job) (job:user
> job))
>            ((job:action job)))
>          (λ ()
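
Review bot: In the else branch of the handler, `(throw 'system-error args)` does not re-raise the original error. The handler is declared as `(lambda args ...)`, so `args` already starts with the `system-error` key, and the re-thrown exception carries that whole list as a single argument instead of the original subr, message and errno data. `(apply throw args)` would preserve the original shape, so a caller further up that inspects the error with `system-error-errno` still sees the real errno. Separately, the ENOENT branch switches to `(chdir "/")` without any message; logging a warning that names the missing directory would make the changed working directory visible to whoever maintains the job.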

Hmmm, this smells a bit to me.  I'd be interested to hear from
Guix developers their opinion on if there is really a case for
allowing the nobody user to run cron jobs.  I would have thought
that the case would be better handled by a dedicated user for the
purpose.  There is also the problem that mcron scripts may become
unstable: if one relies on "/" being the working directory, and
suddenly a real home directory appears, the script will cease to
function.  If it is really desired, I think an explicit test for
the nobody user needs to go into the patch, but I really think
that failure with a system error is the most appropriate action
here.

Dale




