user not removed + home directory not created + NixOS confused

[musteresel]

Issue description

Removing / renaming a user via /etc/nixos/configuration.nix does not remove the old user, does not create home directory for the new user (name) and leads to broken/confused NixOS system (no new users can be created).

Happened inside a chroot (nixos-install --chroot). Sorry for the rather "raw" report, I currently don't have that much spare time but wanted to record/report this. Also this is my (only) production system (being rebuild on new hardware after hard drive failure) thus I'm a bit limited with respect to tools atm.

Steps to reproduce (or better: The story how it happened)

Add a user:

user.users = {
  foo = {
    isNormalUser = true;
    createHome = true;
    uid = 1000;
    extraGroups = ["wheel" "cdrom" "networkmanager" "scanner" "vboxusers"];
  };
};

Run nixos-rebuild switch. Oh, but foo is a terrible name (or a typo), so go back and change:

user.users = {
  bar = {
    isNormalUser = true;
    createHome = true;
    uid = 1000;
    extraGroups = ["wheel" "cdrom" "networkmanager" "scanner" "vboxusers"];
  };
};

Run nixos-rebuild switch. ls /home shows only foo. Short panic, go back and change:

user.users = {
  bar = {
    isNormalUser = true;
    createHome = true;
    uid = 1001; ### HERE is the change
    extraGroups = ["wheel" "cdrom" "networkmanager" "scanner" "vboxusers"];
  };
};

Run nixos-rebuild switch. Still no home directory for bar, looking into /etc/passwd now shows both a line for foo and bar (with the correct home directory paths set). Notice output from the just finished nixos-rebuild with a line:

Died at /nix/store/531giy6mqh207cadkffsi1z960l4jywz-update-users-groups.pl line 144.

Try to start all over:

user.users = {
};

Run nixos-rebuild switch. Same error message as above. No change in /etc/passwd. Add a completely different user:

user.users = {
  frob = {
    isNormalUser = true;
    createHome = true;
    uid = 2000;
    extraGroups = ["wheel" "cdrom" "networkmanager" "scanner" "vboxusers"];
  };
};

Run nixos-rebuild switch. Same error message as before. /etc/passwd unchanged, no line for frob but still for both foo and bar. ls /home still has only a directory for foo.

Technical details

• System: 16.09.929.80cbb8a (Flounder)
• Nix version: nix-env (Nix) 1.11.4
• Nixpkgs version: "16.09.929.80cbb8a"

[musteresel]

Updated above description to include the (apparently) relevant line

    extraGroups = ["wheel" "cdrom" "networkmanager" "scanner" "vboxusers"];

in each user configuration.

Line where the error occurs (last commit on Aug 30, I assume I have the same version on my system):
https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/config/update-users-groups.pl#L144

Uses perl rename function, which has portability problems according to http://perldoc.perl.org/functions/rename.html

userdel or usermod now fail with cannot open /etc/passwd, but file is present and (from a quick look) seems to be ok.

[musteresel]

I was investigating why /etc/passwd (and /etc/group) weren't usable (or to be precisely, writable). Running mount gives me (apart from a too huge list ... 2 pages is far too much for this setup):

/dev/mmcblk0p1 on /etc/passwd type ext4 (ro,relatime,data=ordered)
/dev/mmcblk0p1 on /etc/group type ext4 (ro,relatime,data=ordered)

/dev/mmcblk0p1 is the SD card from which I'm running the backup (NixOS) system. This looks very wrong to me.

[domenkozar]

Can you also paste your filesystem partitions?

[domenkozar]

Could be a duplicate of #6481

[kierdavis]

Are you using users.mutableUsers?

[musteresel]

@domenkozar I don't think that's the issue here, I'm using a single (plain simple ext4) partition for the whole system.

  fileSystems = {
    "/" = {
      device = "/dev/disk/by-uuid/a344e210-b303-491f-87e9-0f9882f73c9e"; # this is /dev/sda3
      fsType = "ext4";
    };
  };

@kierdavis Yes, or to be precise: I use the default, which is true AFAIK.

I think the issue here is twofold:

• Rebuilding with mutable users (AFAIK) merges the generated content with the already existing files like /etc/passwd. It should (that's a feature request, I guess) also be able to differentiate between content that has been generated by the last run and content that has been altered in the mean time.
• Not being able to even change these files (i.e. them being mount points). This could be my fault (wrong usage): Is it even allowed/possible to run nixos-rebuild from within a shell opened by nixos-install --chroot ?

[Profpatsch]

(triage) what’s the status?

[musteresel]

I didn't investigate further than what I wrote above. I don't think it's too much of an issue, though this could be turned into a feature request for nixos to save the generated passwd file (and similar files) somewhere in the nix store (read only thus) and compare the actual passwd file to that in order to know which users had previously been defined.

Not sure if it's worth the effort, though.

[Profpatsch]

Then I’ll close, feel free to reopen.