container-create-user.sh - Replace login with runuser for better compatibility #51
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…atibility
Using `runuser` fixes the interactive login on Debian 13 based containers.
When `login -p -f ${USERNAME}` is executed by container-create-user.sh, the
process is stopped by SIGTTOU after attempted call of TCSETS. Debugging `login`
in D12 showed that it was using a different call - SNDCTL_TMR_START about which
strace is not fully certain reporting it as "SNDCTL_TMR_START or TCSETS". The
likely reason that this was a bug in earlier versions of login fixed in the
version included in D13. TCSETS (now, when used properly) is subject to job
control leading to the `login` process being stopped by SIGTTOU.
runuser doesn't have the complex session and terminal handling that login does
and is currently the recommended way to run commands as other users without
requiring authentication. runuser has been available since Debian 8, so
backward compatibility is preserved.
Tested with Debian 10, 12 and 13 based containers, verifying that initial
container shell successfully starts and it is possible to start additional
shells with `due --login`. Also compared the output of `set` in login-based and
runuser-based shells: the latter miss HUSHLOGIN, MAIL, MOTD_SHOWN; these env
vars do not seem to be critical for build environments.
Signed-off-by: Anton Degtyarev <adeg47@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Using
runuserfixes the interactive login on Debian 13 based containers.When
login -p -f ${USERNAME}is executed by container-create-user.sh, the process is stopped by SIGTTOU after attempted call of TCSETS. Debuggingloginin D12 showed that it was using a different call - SNDCTL_TMR_START about which strace is not fully certain reporting it as "SNDCTL_TMR_START or TCSETS". The likely reason that this was a bug in earlier versions of login fixed in the version included in D13. TCSETS (now, when used properly) is subject to job control leading to theloginprocess being stopped by SIGTTOU.runuser doesn't have the complex session and terminal handling that login does and is currently the recommended way to run commands as other users without requiring authentication. runuser has been available since Debian 8, so backward compatibility is preserved.
Tested with Debian 10, 12 and 13 based containers, verifying that initial container shell successfully starts and it is possible to start additional shells with
due --login. Also compared the output ofsetin login-based and runuser-based shells: the latter miss HUSHLOGIN, MAIL, MOTD_SHOWN; these env vars do not seem to be critical for build environments.