[Touch-packages] [Bug 1842902] Re: FFe: create zfs dataset for each user automatically
This bug was fixed in the package shadow - 1:4.5-1.1ubuntu4

---
shadow (1:4.5-1.1ubuntu4) eoan; urgency=medium

  * debian/patches/1015_add_zsys_support.patch:
    - Call zsys to handle home directory if available.
      We call zsys to handle dataset creation for zsys system in a separate
      home dataset for each user on the system. This allows one to handle
      user dataset outside of /home and also renaming.
      We don't support yet deletion, as removing the dataset would remove
      as well every snapshot of the history, and so, revert to previous
      version will result in user created, but no home directory, which
      is unwanted. (LP: #1842902)

 -- Didier Roche  Thu, 29 Aug 2019 15:00:07 +0200

** Changed in: shadow (Ubuntu)
       Status: Triaged => Fix Released

--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/1842902

Title:
  FFe: create zfs dataset for each user automatically

Status in shadow package in Ubuntu:
  Fix Released
Status in zsys package in Ubuntu:
  Fix Released

Bug description:
  Part of the zsys spec is creating/associating one user dataset for
  each HOME user. As zsys is an official experimentation for 19.10, we
  would like to include this feature in a safe way, and reachable for
  any tool creating users (adduser, gnome-control-center, ubiquity…).
  Those are using useradd under the scene.

  For this, the proposed implementation:
  - patch useradd trying to execute "zsys useradd create USER HOMEDIR".
    If zsys isn't present or zsys returns a status code != 0 (which will
    be the case if the running system isn't a zsys one: pure zfs or non
    zfs like / on ext4), it will fall back to mkdir. Then the code does
    the usual chmod()
  - patch usermod, trying as well to execute "zsys useradd rename-home
    OLDHOME NEWHOME". Same failing reason (not a zsys system, not
    installed, OLDHOME isn't a zsys-handled dataset) and fall back to
    rename(). Then the code does the usual chmod().

  Tested with and without zsys installed, the code does what we expect.
  I'm attaching the shadow (useradd/usermod) patches, as you can see
  it's very minimal.

  A new ZSYS release will be needed (https://github.com/ubuntu/zsys). As
  you can see, there are quite some commits since the last release, but
  it's all baked (as usual) by a huge suite of tests (in ZFS and machine
  layers) with corner cases tested and such. I'm confident on that
  change.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1842902/+subscriptions

--
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1842902] Re: FFe: create zfs dataset for each user automatically
This bug was fixed in the package zsys - 0.2

---
zsys (0.2) eoan; urgency=medium

  * Add userdata hidden subcommand for creating and renaming user datasets.
    (LP: #1842902)
  * Build-dep on grub2-common to not produce s390x build for now until we
    support an alternative bootloader.

 -- Didier Roche  Mon, 09 Sep 2019 15:13:26 +0200

** Changed in: zsys (Ubuntu)
       Status: Triaged => Fix Released

[Touch-packages] [Bug 1842902] Re: FFe: create zfs dataset for each user automatically
Thanks a lot Łukasz!

The MIR is available at
https://bugs.launchpad.net/ubuntu/+source/zsys/+bug/1839271, the MIR
part has been acked, it's pending a security review for now.

Anyway, let's proceed with this so that we can test it early in the
wild, thanks again!

[Touch-packages] [Bug 1842902] Re: FFe: create zfs dataset for each user automatically
Thanks Didier and Alex!

This looks promising. I'm generally +1 on this, especially that the
shadow part of the feature doesn't have to be blocked on zsys - if all
works correctly that is. For the zsys part, I assume that once we have
that we'd like to pull in zsys to main. Did you reach out to the MIR
team and security team about it already? I wouldn't want us to do a last
minute push of zsys right before release without proper review of all
the bits and pieces.

All in all, I'm formally approving the shadow FFe and, with some fear,
the zsys FFe as well. Be sure to reach out to the MIR team as early as
possible. If zsys isn't main-ready before beta, well, I wouldn't want it
to be part of our official images.

** Changed in: shadow (Ubuntu)
       Status: New => Triaged

** Changed in: zsys (Ubuntu)
       Status: New => Triaged

[Touch-packages] [Bug 1842902] Re: FFe: create zfs dataset for each user automatically
attaching shadow build logs

** Attachment added: "shadow_4.5-1.1ubuntu4_amd64.build"
   https://bugs.launchpad.net/ubuntu/+source/zsys/+bug/1842902/+attachment/5287475/+files/shadow_4.5-1.1ubuntu4_amd64.build

[Touch-packages] [Bug 1842902] Re: FFe: create zfs dataset for each user automatically
Thanks Didier, looks great :)

[Touch-packages] [Bug 1842902] Re: FFe: create zfs dataset for each user automatically
Hey Alex! Thanks for looking at it.

Sure, I've added some checks for open/dup2 (and exiting the child).

On execl, I've kept logic similar to the rest of the code, meaning:
- don't check for execl return value.
- if something bad happens, execl returns.
- we go on the next line which is a perror() + exit.

On the strrstr(), I found it clearer than the offset and more
future-proof than hardcoding *pname. I don't have a strong opinion
though TBH, so I have just hardcoded "zsys" directly as you suggested.

I've attached a new version of the patch.

** Patch added: "1015_add_zsys_support.patch"
   https://bugs.launchpad.net/ubuntu/+source/zsys/+bug/1842902/+attachment/5287090/+files/1015_add_zsys_support.patch

[Touch-packages] [Bug 1842902] Re: FFe: create zfs dataset for each user automatically
Didier - could you please add some checks on the return values from the
various open/dup2/execvl syscalls? Whilst currently I can't see a huge
problem if these silently fail (open returns -1, dup2 then fails, or if
dup2 fails anyway - then the only consequence is stdout/stderr is not
silenced) I think it would be better to be more defensive (or if not, at
least add a comment explaining why NOT checking for failures is not a
problem).

Also instead of the strrstr() call (which again is unchecked but since
this is running on a known string is unlikely to fail) - why not either
just use zsys+6 since this is a fixed string OR just const char *pname =
"zsys"; ?
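
Added example (not part of the thread and not the actual 1015_add_zsys_support.patch): a C rendering of the pattern the review above asks for, where the child checks open()/dup2() before exec and exits on any failure, and the parent falls back to mkdir() on any non-zero helper status before the usual chmod(). The names run_quiet, create_home and demo, the exit codes 126/127, the /tmp path and the /bin/sh stand-in for zsys are assumptions made for this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run argv[0] with stdout/stderr on /dev/null. Returns its exit status
 * (126/127 are this example's codes for setup/exec failure), or -1. */
int run_quiet(char *const argv[])
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {                       /* child */
        int fd = open("/dev/null", O_WRONLY);
        if (fd < 0 || dup2(fd, STDOUT_FILENO) < 0 || dup2(fd, STDERR_FILENO) < 0)
            _exit(126);                   /* leave the child, never fall through */
        if (fd > STDERR_FILENO)
            close(fd);                    /* do not leak the extra fd to the helper */
        execv(argv[0], argv);             /* returns only on failure */
        _exit(127);
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Helper first; on any non-zero result fall back to mkdir(); chmod() either
 * way. Returns 1 if the helper made the home, 0 if mkdir() did, -1 on error. */
int create_home(char *const helper_argv[], const char *home, mode_t mode)
{
    int via_helper = (run_quiet(helper_argv) == 0);
    if (!via_helper && mkdir(home, 0) != 0)
        return -1;
    return chmod(home, mode) == 0 ? via_helper : -1;
}

/* Constructed scenario: `helper -c script sh HOME` stands in for zsys. */
int demo(char *helper, char *script)
{
    char home[64];
    struct stat st;
    snprintf(home, sizeof home, "/tmp/homedemo.%ld", (long)getpid());
    char *argv[] = { helper, "-c", script, "sh", home, NULL };
    int r = create_home(argv, home, 0750);
    if (r >= 0 && (stat(home, &st) != 0 || (st.st_mode & 07777) != 0750))
        r = -1;                           /* home missing or wrong mode */
    rmdir(home);
    return r;
}

int main(void)
{
    printf("%d %d %d\n", demo("/bin/sh", "mkdir \"$1\""),
           demo("/bin/sh", "exit 1"), demo("/no/such/zsys", ""));
    return 0;
}
```

The three demo() calls cover a helper that succeeds, a helper that returns non-zero, and a helper that is not installed; the last two take the mkdir() fallback.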