Hi Liliana, Liliana Marie Prikler <[email protected]> writes:
[...] >> This is an unfortunate situation arising from a bug before the >> service was refactored. >> Before d7fd9ec209f72e9cfff04a48bf16e092f258d8ff (actually >> 5c5f0fc1135ff15f9c4adfc5f27eadd9a592b5d1) >> mpd-service-type contained a service-extension for %mpd-accounts >> where the values for both group and user were hardcoded to "mpd" >> but this was actually never used since shepherd would launch the >> service using root and mpd would downgrade its permissions and switch >> to the user specified in the mpd-configuration record since this >> field is serialized to the configuration file. > It would be quite weird if someone had already pointed out how to > properly handle the accounts and groups only for that to be ignored > later in the review. > > Am Samstag, dem 24.12.2022 um 18:20 +0100 schrieb eine leichtsinnige > Person, die ihre eigenen Anmerkungen vergisst: >> I think you should make it so that you can pass a user-account and >> user-group to the mpd service so that they can be reused (with a >> sanitizer that creates a user/group from string). > Never mind then. I think Bruno has been reworking that, I think they must be about ready. > Am Freitag, dem 17.02.2023 um 07:53 -0500 schrieb Maxim Cournoyer: >> Else an error rather than a warning when multiple same-name users are >> defined would be more appropriate, I think. > Guess what, it used to be a formatted message (i.e. an actual error). > However, that broke some configs as reported in [1], so I demoted it to > a warning. Interesting. I didn't know we were usefully (?) abusing duplicate users and group. Perhaps we should try to isolate the most common offenders (services?), fix them up, and then re-introduce the check, perhaps gradually (e.g. "in 6 months time, duplicated users or groups will become a configuration error"). -- Thanks, Maxim
