Creating home happens before /home is mounted #6481
Comments
|
Not all activationScripts can be a systemd task, considering that filling /etc itself is an activation script and that systemd configurations are there. |
|
Well then just for users and groups |
|
Then you have to ensure that most of systemd services are started after the users and groups task, because you know some of them run with a specific user. |
|
pardon my stupidity, any specific reason mounting need to be an systemd task rather then activation script? |
|
I am guessing it is because some mounting operations require daemons running? |
|
It's how systemd works :)
|
|
So from my own system engineering experiences mounting /home and /var to a different partition/disk/network locations is extremely common (/var/logs for one usually require a much larger disk). A lot of system daemons use locations in /var for their system users. I've also seen /home mounted from nfs partitions quiet often which would require a nfsd and mountd daemons. To address the chicken and egg problem then system user homes for nfs are put in /var/lib I believe This basically leads me to the following conclusions:
So one obvious implementation is "isSystemMount/isEarlyMount" flag and running mount task for those mounts as activation script and rest as systemd mount. |
Isn't the obvious implementation just user creation depending on /home |
|
@7c6f434c |
Well, we can checking that all prefixes are mounted if they are |
|
I think the easiest solution is to leave user creation in the activation script, but put home directory creation in a one-line systemd service that has a RequiresMountsFor line for the intended directory. Alternatively, we could use systemd-tmpfiles to create the home directory, but I'm not sure how that sits in the dependency ordering. |
|
Hmmm. 16cf3ee might have fixed that since I take it |
|
You must mount manually everything before doing nixos-install, not only /boot. |
|
@iElectric That commit really only fixes the case where you change the |
|
The ZFS service complains about mounting /home, because it not empty (because some users are just created automatically there). I believe this is the same issue. This happens during a |
|
I have a minimal reproducing example using the following { main =
{ pkgs, ... }:
{ deployment.targetEnv = "virtualbox";
deployment.virtualbox = {
headless = true;
disks.home = {
port = 1;
size = 0;
baseImage =
let
drv = pkgs.runCommand "home.vdi"
{ name = "home.vdi";
buildInputs = [ pkgs.e2fsprogs ];
preVM = ''
diskImage=home.qcow2
${pkgs.vmTools.qemu}/bin/qemu-img create -f qcow2 $diskImage 1M
'';
postVM = ''
rm -r $out
${pkgs.vmTools.qemu}/bin/qemu-img convert -f qcow2 -O vdi $diskImage $out
'';
}
''
mkfs.ext3 -F -L home /dev/vda
'';
in
pkgs.vmTools.runInLinuxVM drv;
};
};
fileSystems."/home" = {
device = "/dev/disk/by-label/home";
};
users = {
mutableUsers = false;
users.root.password = "";
users.alice = {
createHome = true;
home = "/home/alice";
};
};
};
}... and I deployed that by running: $ nixops create -d example example.nix
$ nixops deploy -d example --force-reboot
$ nixops ssh -d example main
[root@main:~]$ ls /home
lost+found
[root@main:~]$ umount /home
[root@main:~]$ ls /home
alice
... which shows that One workaround if you are using |
|
I encountered this problem in an interesting way: I wanted to put gitolite's data directory on a separate disk, so I used the following configuration: This is deployed by nixops. gitolite creates its user with home directory "/volumes/storage/gitolite" and relies on the activation scripts to create it; however, activation scripts run before the filesystem is mounted. Then the filesystem gets mounted and happily hides the created gitolite's data directory. Then, the Since it's nixops we're talking about, this is especially bad: deployments must succeed, we can't afford a luxury of repeating the activation. |
|
I believe a proper solution for this would be: (1) introduce a one-stop systemd service that creates users' home directories and depends on |
|
Just reading the discussion here, this seems like an important issue, but hasn't seen any activity for almost two years. Any updates? |
|
My workaround, for now, has been to disable all createHome settings (n.b. some module settings enable createHome for the service users they create, so make sure to disable those too) and either create the home directories by hand, or add oneshot systemd units that create them before the corresponding services start up. |
|
Hello, I'm a bot and I thank you in the name of the community for opening this issue. To help our human contributors focus on the most-relevant reports, I check up on old issues to see if they're still relevant. This issue has had no activity for 180 days, and so I marked it as stale, but you can rest assured it will never be closed by a non-human. The community would appreciate your effort in checking if the issue is still valid. If it isn't, please close it. If the issue persists, and you'd like to remove the stale label, you simply need to leave a comment. Your comment can be as simple as "still important to me". If you'd like it to get more attention, you can ask for help by searching for maintainers and people that previously touched related code and @ mention them in a comment. You can use Git blame or GitHub's web interface on the relevant files to find them. Lastly, you can always ask for help at our Discourse Forum or at #nixos' IRC channel. |
stale
bot
added
the
2.status: stale
|
This issue is still relevant. |
stale
bot
removed
the
2.status: stale
|
I marked this as stale due to inactivity. → More info |
stale
bot
added
the
2.status: stale
|
Still relevant. |
stale
bot
removed
the
2.status: stale
|
I marked this as stale due to inactivity. → More info |
stale
bot
added
the
2.status: stale
|
Still relevant. |
|
What is the blocker for implementing systemd services for user homes? Is the problem that no one has volunteered? |
stale
bot
removed
the
2.status: stale
Fixes NixOS#6481 When the home directory is on a separate mount the user home directories were not created. Using systemd units with `RequiresMountsFor` solves the race condition.
Fixes NixOS#6481 When the home directory is on a separate mount the user home directories were not created. Using systemd units with `RequiresMountsFor` solves the race condition.
Fixes NixOS#6481 When the home directory is on a separate mount the user home directories were not created. Using systemd units with `RequiresMountsFor` solves the race condition.
Fixes NixOS#6481 When the home directory is on a separate mount the user home directories were not created. Using systemd units with `RequiresMountsFor` solves the race condition.
Fixes NixOS#6481 When the home directory is on a separate mount the user home directories were not created. Using systemd units with `RequiresMountsFor` solves the race condition.
Fixes NixOS#6481 When the home directory is on a separate mount the user home directories were not created. Using systemd tmpfiles solve the race condition.
Fixes NixOS#6481 When the home directory is on a separate mount the user home directories were not created. Using systemd tmpfiles solves the race condition.
Fixes NixOS#6481 When the home directory is on a separate mount the user home directories were not created. Using systemd tmpfiles solves the race condition.
Fixes NixOS#6481 When the home directory is on a separate mount the user home directories were not created. Using systemd tmpfiles solves the race condition.
|
This issue has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/users-users-name-createhome-not-creating-home-directory/30779/4 |
|
I'm the user from that Discourse thread. Trying to use tmpfs for |
|
Any update on this? This seems like a pretty major issue for a very common use case. |
If
/homeis a separate partition, users and groups activation script would create/home/userbefore/homewould be mounted.I guess that
/homeis mounted via systemd and users-and-groups are an activation scripts, which leads to potential racing condition.Is that a sign that activationScripts should be a systemd task?
cc @goodwillcoding @edolstra
The text was updated successfully, but these errors were encountered: