
no longer write to home folder directly; use /etc/skel
Closed, Resolved, Public

Description

rationale:

TODO:

  • no longer have packages (maintainer scripts) directly write to /home
  • use /etc/skel instead
  • copy files from /etc/skel to /home/user at first boot

Related, separate ticket:
ship Tor Browser tarballs in Qubes TemplateVMs in /var/cache/tb-binary and extract in AppVMs at boot time to user's home folder (T417)

Details

Impact
Normal

Event Timeline

Patrick raised the priority of this task from to Needs Triage.
Patrick updated the task description.
Patrick set Impact to Normal.
Patrick added subscribers: Patrick, marmarek, nrgaway, HulaHoop.
no longer write to home folder directly; use /etc/skel;

https://phabricator.whonix.org/T419

proper error handling in xchat-reset

https://github.com/Whonix/xchat-improved-privacy/commit/aadea76e21b3804c053338bc9449b6c7962a91dd

Patrick triaged this task as Normal priority. Dec 3 2015, 11:43 PM
Patrick updated the task description.
Patrick changed the task status from Open to Review. Dec 10 2015, 10:34 PM
populate /home/user from /etc/skel at first boot

https://phabricator.whonix.org/T419

https://github.com/Whonix/whonix-base-files/commit/4ee7f32ba8b7dcf87d9ae31d1ade8b00468520af

fix / code simplification

https://phabricator.whonix.org/T419

https://github.com/Whonix/whonix-base-files/commit/9d7da269be22114737317051c5f4c6bce6ca4253

separate done file for Qubes TemplateVMs to make this work with the
current home folder population for Qubes DispVMs.
https://github.com/QubesOS/qubes-core-agent-linux/blob/f380c346cf9af3f058b8ece853d7d4a5ece28815/misc/dispvm-prerun.sh#L6-L12

https://phabricator.whonix.org/T419
https://phabricator.whonix.org/T463

https://github.com/Whonix/whonix-base-files/commit/9ade708ed7288a1fec4a662b2bf062a8ebffc15c

Patrick changed the task status from Review to Open. Apr 26 2016, 10:01 PM

There is a problem with the script which runs as root - https://github.com/Whonix/whonix-base-files/blob/master/usr/lib/anon-base-files/first-boot-skel - with the following commands.

sudo -u "$user_name" cp --verbose --no-clobber --archive --parents --recursive "$fso_basename" "$home_dir"
sudo -u "$user_name" cp --verbose --no-clobber --archive "$fso_basename" "$home_dir"
sudo -u "$user_name" cp --verbose --archive "$skel_folder/.bashrc.whonix" "$home_dir/.bashrc"

sudo -u user is problematic. It's useful to not have files within /home/user being owned by root. But when using sudo -u user we cannot read files from folder /etc/skel/.gnupg, since these are owned by root. This could be solved by using cp as root and then fixing ownership using chown. It's not great since in corner cases (power loss; race conditions) the execution could stop after cp, ending up with files owned by root in the user's home.
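One way to avoid the window described in the comment above, as an added example that is not part of the original task or of the first-boot-skel script: copy as root into a staging directory beside the home folder, fix ownership there, and only then rename each entry into place. The function name populate_from_skel, the .skel-staging prefix and the owner argument are assumptions made for this sketch, and it handles top-level /etc/skel entries only (an existing entry in the home folder is skipped whole, not merged).

```shell
#!/bin/sh
# Added example, not the project's first-boot-skel script.
# Hypothetical helper, meant to run as root at first boot:
#   populate_from_skel SKEL_DIR HOME_DIR OWNER_SPEC   (OWNER_SPEC e.g. "user:user")
populate_from_skel() {
    skel_dir=$1 home_dir=$2 owner_spec=$3
    parent_dir=$(dirname "$home_dir")

    # Remove staging leftovers from a run that was interrupted earlier.
    rm -rf "$parent_dir"/.skel-staging.* || return 1

    # Stage beside (not inside) the home folder: same filesystem, so the
    # later mv is a rename, and a crash leaves nothing behind in $home_dir.
    stage=$(mktemp -d "$parent_dir/.skel-staging.XXXXXX") || return 1

    # Copy as root so root-owned sources such as .gnupg are readable.
    cp -a "$skel_dir/." "$stage/" || { rm -rf "$stage"; return 1; }

    # Fix ownership while the files are still outside the home folder.
    # -h changes symlinks themselves, never the files they point to.
    chown -R -h "$owner_spec" "$stage" || { rm -rf "$stage"; return 1; }

    # Move entries into place without overwriting (like cp --no-clobber).
    for entry in "$stage"/* "$stage"/.[!.]* "$stage"/..?*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue   # unmatched glob
        name=$(basename "$entry")
        if [ -e "$home_dir/$name" ] || [ -L "$home_dir/$name" ]; then
            continue
        fi
        mv "$entry" "$home_dir/$name" || { rm -rf "$stage"; return 1; }
    done
    rm -rf "$stage"
}
```

If the run stops at any point, every entry already in the home folder is owned by the user, and the next run completes the remaining entries because existing ones are skipped.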

Patrick claimed this task.