[systemd-devel] [PATCH] Split out /run/nologin creation into a separate service

Lennart Poettering lennart at poettering.net
Sun Dec 22 06:18:45 PST 2013


On Sat, 21.12.13 04:45, Zbigniew Jędrzejewski-Szmek (zbyszek at in.waw.pl) wrote:

> This has come up before, and will come up again: running
> systemd-tmpfiles --create kills user logins. In principle
> this is documented, but in practice people don't always
> read the documentation. Split out /run/nologin creation
> so it's harder to execute it by mistake.
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1043212

Hmmm, --create is dangerous, beyond /run/nologin it will also empty dirs
and truncate files (for "D" and "F" lines), and that's really not what
people should do during runtime, and assume it was not dangerous..

Maybe go the other way and refuse to work (or just warn?) during normal
operation if no arguments are passed? Not entirely sure though what to
detect "during normal operation" with though. Maybe warn/fail if we are
run from a tty (in opposition to run as a service with no tty)?

Or maybe we should allow "--create" only a single time during each boot
(unless a specific file name is specified), so that all later calls generate
a warning or fail? And then maybe a new "--force" switch or so, that
makes that warning/failure go away?

I'd certainly prefer if we'd go this way instead of fraying out the
snippets too wildly...

> ---
> Hi Lennart,
> this patch is essentially harmless, but not very pretty, so I'm
> sending it to the mailing list in case you want to veto it.
> 
> Zbyszek
> 
>  Makefile-man.am                                   |  5 +++++
>  Makefile.am                                       | 12 +++++++----
>  man/systemd-tmpfiles.xml                          | 26 +++++++++++++++--------
>  tmpfiles.d/systemd-forbid-user-logins.conf.noauto | 11 ++++++++++
>  tmpfiles.d/systemd.conf                           |  2 --
>  units/.gitignore                                  |  1 +
>  units/systemd-forbid-user-logins.service.in       | 21 ++++++++++++++++++
>  units/systemd-tmpfiles-setup.service.in           |  1 +
>  8 files changed, 64 insertions(+), 15 deletions(-)
>  create mode 100644 tmpfiles.d/systemd-forbid-user-logins.conf.noauto
>  create mode 100644 units/systemd-forbid-user-logins.service.in
> 
> diff --git a/Makefile-man.am b/Makefile-man.am
> index c5f73d4..c337d09 100644
> --- a/Makefile-man.am
> +++ b/Makefile-man.am
> @@ -180,6 +180,7 @@ MANPAGES_ALIAS += \
>  	man/systemd-ask-password-console.path.8 \
>  	man/systemd-ask-password-wall.path.8 \
>  	man/systemd-ask-password-wall.service.8 \
> +	man/systemd-forbid-user-logins.service.8 \
>  	man/systemd-fsck-root.service.8 \
>  	man/systemd-fsck.8 \
>  	man/systemd-hibernate.service.8 \
> @@ -283,6 +284,7 @@ man/sd_notifyf.3: man/sd_notify.3
>  man/systemd-ask-password-console.path.8: man/systemd-ask-password-console.service.8
>  man/systemd-ask-password-wall.path.8: man/systemd-ask-password-console.service.8
>  man/systemd-ask-password-wall.service.8: man/systemd-ask-password-console.service.8
> +man/systemd-forbid-user-logins.service.8: man/systemd-tmpfiles.8
>  man/systemd-fsck-root.service.8: man/systemd-fsck at .service.8
>  man/systemd-fsck.8: man/systemd-fsck at .service.8
>  man/systemd-hibernate.service.8: man/systemd-suspend.service.8
> @@ -538,6 +540,9 @@ man/systemd-ask-password-wall.path.html: man/systemd-ask-password-console.servic
>  man/systemd-ask-password-wall.service.html: man/systemd-ask-password-console.service.html
>  	$(html-alias)
>  
> +man/systemd-forbid-user-logins.service.html: man/systemd-tmpfiles.html
> +	$(html-alias)
> +
>  man/systemd-fsck-root.service.html: man/systemd-fsck at .service.html
>  	$(html-alias)
>  
> diff --git a/Makefile.am b/Makefile.am
> index 8507d8d..e1cd71f 100644
> --- a/Makefile.am
> +++ b/Makefile.am
> @@ -1578,12 +1578,14 @@ dist_systemunit_DATA += \
>  nodist_systemunit_DATA += \
>  	units/systemd-tmpfiles-setup-dev.service \
>  	units/systemd-tmpfiles-setup.service \
> -	units/systemd-tmpfiles-clean.service
> +	units/systemd-tmpfiles-clean.service \
> +	units/systemd-forbid-user-logins.service
>  
>  dist_tmpfiles_DATA = \
>  	tmpfiles.d/systemd.conf \
>  	tmpfiles.d/tmp.conf \
> -	tmpfiles.d/x11.conf
> +	tmpfiles.d/x11.conf \
> +	tmpfiles.d/systemd-forbid-user-logins.conf.noauto
>  
>  if HAVE_SYSV_COMPAT
>  dist_tmpfiles_DATA += \
> @@ -1592,7 +1594,8 @@ endif
>  
>  SYSINIT_TARGET_WANTS += \
>  	systemd-tmpfiles-setup-dev.service \
> -	systemd-tmpfiles-setup.service
> +	systemd-tmpfiles-setup.service \
> +	systemd-forbid-user-logins.service
>  
>  dist_zshcompletion_DATA += \
>  	shell-completion/zsh/_systemd-tmpfiles
> @@ -1608,7 +1611,8 @@ endif
>  EXTRA_DIST += \
>  	units/systemd-tmpfiles-setup-dev.service.in \
>  	units/systemd-tmpfiles-setup.service.in \
> -	units/systemd-tmpfiles-clean.service.in
> +	units/systemd-tmpfiles-clean.service.in \
> +	units/systemd-forbid-user-logins.service.in
>  
>  # ------------------------------------------------------------------------------
>  systemd_machine_id_setup_SOURCES = \
> diff --git a/man/systemd-tmpfiles.xml b/man/systemd-tmpfiles.xml
> index b90bd75..009c076 100644
> --- a/man/systemd-tmpfiles.xml
> +++ b/man/systemd-tmpfiles.xml
> @@ -46,6 +46,7 @@
>                  <refname>systemd-tmpfiles</refname>
>                  <refname>systemd-tmpfiles-setup.service</refname>
>                  <refname>systemd-tmpfiles-setup-dev.service</refname>
> +                <refname>systemd-forbid-user-logins.service</refname>
>                  <refname>systemd-tmpfiles-clean.service</refname>
>                  <refname>systemd-tmpfiles-clean.timer</refname>
>                  <refpurpose>Creates, deletes and cleans up volatile
> @@ -54,11 +55,14 @@
>  
>          <refsynopsisdiv>
>                  <cmdsynopsis>
> -                        <command>systemd-tmpfiles <arg choice="opt" rep="repeat">OPTIONS</arg> <arg choice="opt" rep="repeat">CONFIGURATION FILE</arg></command>
> +                        <command>systemd-tmpfiles</command>
> +                        <arg choice="opt" rep="repeat">OPTIONS</arg>
> +                        <arg choice="opt" rep="repeat">CONFIGURATION FILE</arg>
>                  </cmdsynopsis>
>  
>                  <para><filename>systemd-tmpfiles-setup.service</filename></para>
>                  <para><filename>systemd-tmpfiles-setup-dev.service</filename></para>
> +                <para><filename>systemd-forbid-user-logins.service</filename></para>
>                  <para><filename>systemd-tmpfiles-clean.service</filename></para>
>                  <para><filename>systemd-tmpfiles-clean.timer</filename></para>
>          </refsynopsisdiv>
> @@ -69,20 +73,24 @@
>                  <para><command>systemd-tmpfiles</command> creates,
>                  deletes and cleans up volatile and temporary files and
>                  directories, based on the configuration file format and
> -                location specified in <citerefentry>
> -                        <refentrytitle>tmpfiles.d</refentrytitle>
> -                        <manvolnum>5</manvolnum>
> -                </citerefentry>.</para>
> +                location specified in
> +                <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
> +                </para>
>  
>                  <para>If invoked with no arguments, it applies all
>                  directives from all configuration files. If one or
>                  more filenames are passed on the command line, only
>                  the directives in these files are applied. If only
>                  the basename of a configuration file is specified,
> -                all configuration directories as specified in <citerefentry>
> -                        <refentrytitle>tmpfiles.d</refentrytitle>
> -                        <manvolnum>5</manvolnum>
> -                </citerefentry> are searched for a matching file.</para>
> +                all configuration directories as specified in
> +                <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
> +                are searched for a matching file.</para>
> +
> +                <para>During bootup,
> +                <filename>systemd-forbid-user-logins.service</filename>
> +                will create <filename>/run/nologin</filename> to
> +                disable user logins until the system is ready.
> +                </para>
>          </refsect1>
>  
>          <refsect1>
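
Review bot: The new "During bootup" paragraph says logins are disabled "until the system is ready" but does not say what removes /run/nologin again, nor that applying the .noauto file with systemd-tmpfiles --create at runtime blocks logins. Since that runtime mistake is the motivation given in the commit message, the paragraph should state both. The citerefentry re-wrapping in this hunk is unrelated whitespace churn and would be easier to review as a separate commit.
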
> diff --git a/tmpfiles.d/systemd-forbid-user-logins.conf.noauto b/tmpfiles.d/systemd-forbid-user-logins.conf.noauto
> new file mode 100644
> index 0000000..42ebc0b
> --- /dev/null
> +++ b/tmpfiles.d/systemd-forbid-user-logins.conf.noauto
> @@ -0,0 +1,11 @@
> +#  This file is part of systemd.
> +#
> +#  systemd is free software; you can redistribute it and/or modify it
> +#  under the terms of the GNU Lesser General Public License as published by
> +#  the Free Software Foundation; either version 2.1 of the License, or
> +#  (at your option) any later version.
> +
> +# See tmpfiles.d(5) and systemd-forbid-user-logins.service(5).
> +# This file has special suffix so it is not run by mistake.
> +
> +F /run/nologin 0644 - - - "System is booting up. See pam_nologin(8)"
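
Review bot: The "See tmpfiles.d(5) and systemd-forbid-user-logins.service(5)" comment cites section 5, but the Makefile-man.am part of this patch registers the alias as man/systemd-forbid-user-logins.service.8, so it should read systemd-forbid-user-logins.service(8). The following comment line could also spell out what the special suffix does: the file does not end in .conf, so it is only applied when named explicitly, as the new unit's ExecStart does.
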
> diff --git a/tmpfiles.d/systemd.conf b/tmpfiles.d/systemd.conf
> index a05c657..e921c2b 100644
> --- a/tmpfiles.d/systemd.conf
> +++ b/tmpfiles.d/systemd.conf
> @@ -22,8 +22,6 @@ d /run/systemd/users 0755 root root -
>  d /run/systemd/machines 0755 root root -
>  d /run/systemd/shutdown 0755 root root -
>  
> -F /run/nologin 0644 - - - "System is booting up. See pam_nologin(8)"
> -
>  m /var/log/journal 2755 root systemd-journal - -
>  m /var/log/journal/%m 2755 root systemd-journal - -
>  m /run/log/journal 2755 root systemd-journal - -
> diff --git a/units/.gitignore b/units/.gitignore
> index 76c4cb3..804daa3 100644
> --- a/units/.gitignore
> +++ b/units/.gitignore
> @@ -24,6 +24,7 @@
>  /systemd-binfmt.service
>  /systemd-bus-driverd.service
>  /systemd-bus-proxyd at .service
> +/systemd-forbid-user-logins.service
>  /systemd-fsck-root.service
>  /systemd-fsck at .service
>  /systemd-halt.service
> diff --git a/units/systemd-forbid-user-logins.service.in b/units/systemd-forbid-user-logins.service.in
> new file mode 100644
> index 0000000..fe4a4d2
> --- /dev/null
> +++ b/units/systemd-forbid-user-logins.service.in
> @@ -0,0 +1,21 @@
> +#  This file is part of systemd.
> +#
> +#  systemd is free software; you can redistribute it and/or modify it
> +#  under the terms of the GNU Lesser General Public License as published by
> +#  the Free Software Foundation; either version 2.1 of the License, or
> +#  (at your option) any later version.
> +
> +[Unit]
> +Description=Create /run/nologin
> +DefaultDependencies=no
> +Wants=local-fs.target
> +Conflicts=shutdown.target
> +After=systemd-readahead-collect.service systemd-readahead-replay.service local-fs.target
> +Before=sysinit.target shutdown.target
> +RefuseManualStart=yes
> +RefuseManualStop=yes
> +
> +[Service]
> +Type=oneshot
> +RemainAfterExit=yes
> +ExecStart=@rootbindir@/systemd-tmpfiles --create @tmpfilesdir@/systemd-forbid-user-logins.conf.noauto
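
Review bot: The [Unit] section has a Description= but no Documentation= line, even though the patch documents this unit in the systemd-tmpfiles man page; adding Documentation=man:systemd-tmpfiles(8) would let systemctl status point there. Note also that RefuseManualStart=yes only blocks starting the unit by hand; the ExecStart command line, typed directly, still recreates /run/nologin, which is worth saying in the man page text.
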
> diff --git a/units/systemd-tmpfiles-setup.service.in b/units/systemd-tmpfiles-setup.service.in
> index 6f98063..3405e28 100644
> --- a/units/systemd-tmpfiles-setup.service.in
> +++ b/units/systemd-tmpfiles-setup.service.in
> @@ -14,6 +14,7 @@ Conflicts=shutdown.target
>  After=systemd-readahead-collect.service systemd-readahead-replay.service local-fs.target
>  Before=sysinit.target shutdown.target
>  ConditionDirectoryNotEmpty=|/usr/lib/tmpfiles.d
> +ConditionDirectoryNotEmpty=|/lib/tmpfiles.d
>  ConditionDirectoryNotEmpty=|/usr/local/lib/tmpfiles.d
>  ConditionDirectoryNotEmpty=|/etc/tmpfiles.d
>  ConditionDirectoryNotEmpty=|/run/tmpfiles.d
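
Review bot: The added ConditionDirectoryNotEmpty=|/lib/tmpfiles.d line is not covered by the commit message, which is only about splitting out /run/nologin creation. It should go in a separate patch with its own justification, or the message should explain why /lib/tmpfiles.d is needed alongside /usr/lib/tmpfiles.d.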


Lennart

-- 
Lennart Poettering, Red Hat

