bug-mcron
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2] base: Handle nonexistent user home directories.


From: Maxim Cournoyer
Subject: Re: [PATCH v2] base: Handle nonexistent user home directories.
Date: Mon, 20 Sep 2021 22:13:01 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)

Hello Dale,

Sorry for the delayed answer; your replies hadn't landed in my INBOX
(they went straight to my 'bug-mcron' mailing list directory).  If you
keep my address in the reply (wide reply), I can hopefully manage a
shorter reply time :-).

Dale Mellor <mcron-lsfnyl@rdmp.org> writes:

> On Tue, 2021-08-17 at 19:23 -0400, Maxim Cournoyer wrote:
>> This is useful for running jobs as the "nobody" user, for
>> example.
>> 
>> * src/mcron/base.scm (run-job): Catch the ENOENT (2, "No such
>> file or
>> directory") error when attempting to change directory to the
>> user home
>> directory.
>> ---
>>  src/mcron/base.scm | 12 +++++++++++-
>>  1 file changed, 11 insertions(+), 1 deletion(-)
>> 
>> diff --git a/src/mcron/base.scm b/src/mcron/base.scm
>> index f7b727d..037a9b7 100644
>> --- a/src/mcron/base.scm
>> +++ b/src/mcron/base.scm
>> @@ -182,7 +182,17 @@ next value."
>>          (λ ()
>>            (setgid (passwd:gid (job:user job)))
>>            (setuid (passwd:uid (job:user job)))
>> -          (chdir (passwd:dir (job:user job)))
>> +          ;; Handle the case where the home directory points
>> to a nonexistent
>> +          ;; location, as can be the case when running the job
>> as the "nobody"
>> +          ;; user.
>> +          (catch 'system-error
>> +            (lambda ()
>> +              (chdir (passwd:dir (job:user job))))
>> +            (lambda args
>> +              (let ((errno (system-error-errno args)))
>> +                (cond
>> +                 ((= ENOENT errno) (chdir "/"))
>> +                 (else (throw 'system-error args))))))
>>            (modify-environment (job:environment job) (job:user
>> job))
>>            ((job:action job)))
>>          (λ ()
>
> Hmmm, this smells a bit to me.  I'd be interested to hear from Guix
> developers their opinion on if there is really a case for allowing the
> nobody user to run cron jobs.  I would have thought that the case
> would be better handled by a dedicated user for the purpose.

My use case here was making some network enabled job (it's a job that
updates my dynamic IP address with some dyndns service by issuing an
HTTP get) a bit more secure (ensuring the process wouldn't have
read-access to the whole of my $HOME directory) by not running it as my
own user.

Creating a dedicated user for it would probably be the best/safest
approach, but using the nobody user seemed like a positive change
already for zero extra complication (creating a new user).  Was it
misguided?  Too lazy?  :-)

> There is also the problem that mcron scripts may become unstable: if
> one relies on "/" being the working directory, and suddenly a real
> home directory appears, the script will cease to function.

It's true that it introduces a special case; but it seems to me that the
nobody user *is* special hence it is reasonable; it shall be documented
though.

> If it is really desired, I think an explicit test for the nobody user
> needs to go into the patch, but I really think that failure with a
> system error is the most appropriate action here.

I don't mind to write one after we decide if it makes sense or not :-).

Thank you,

Maxim

reply via email to

[Prev in Thread] Current Thread [Next in Thread]