ng0 <[email protected]> skribis: > On 17-02-13 10:30:10, Ludovic Courtès wrote: >> Hi Leo! >> >> Leo Famulari <[email protected]> skribis: >> >> > Does anyone have advice about how to start an unprivileged user's >> > services when the system boots? >> > >> > On other systems, I could at least invoke them in /etc/rc.local, but I'm >> > not sure how to do it on GuixSD. >> >> Currently I run shepherd as myself, which reads from >> ~/.config/shepherd/init.scm. It gets started from my ~/.xsession. >> >> Admittedly this is a bit of a hack. It wouldn’t be hard to define >> per-user Shepherd instances as global Shepherd services in GuixSD, if >> you see what I mean. >> >> Another option would be to add support for this directly in the >> Shepherd, which has pros and cons. > > What are the pros and cons from your point of view, could you explain this?
The downside is that it would make the Shepherd more complex: it would have to have a built-in notion of user instances, even though it is not designed specifically to run as PID 1 initially (you can use it as an unprivileged user already). Another downside is that /var/run/shepherd/socket may need to be accessible to users so they can talk to PID 1. More generally, there’d need to be some way to prevent unprivileged users from doing things like running arbitrary code in PID 1. The upside would be better integration: if shepherd knows about user services, then it can show them in ‘herd status’, things like that. (There’s a similar trade-off for the recently-added support for services running in containers.) Thanks, Ludo’.
