Thanks a lot for this PR. I wasn't aware of this problem. I can indeed imagine that people will be locked out. Just to be sure: this will not happen to ssh sessions and the like? If it does impact ssh sessions, would it make sense to always try to rewrite the path?

From tests here it does not lock you out from ssh. But it does indeed tamper with services that look in /etc/shell to test for normal vs systems users, like gdm via accounts-daemon, or ftp servers apparently[1].

I discovered the issue with gdm that suddenly had no user to show in the users selection dropdown. All were considered system users for their shells were not in /etc/shells.

Now that ssh seems not to be impacted, throwing an error seems a bit overkill. I turned it into a warning, but kept the evaluation failing. If we prefer not to fail, we just need to flip the boolean.

BTW, we definitely need a mailing list for changes like this. Like Arch does.

@layus for now you can post these in Discourse: https://discourse.nixos.org/

but an "announcements" mailing list could definitely be useful.

I can say there's at least one confirmed report of this causing problems for a user

• https://discourse.nixos.org/t/normal-users-not-appearing-in-login-manager-lists/4619/2

(triage) What say you @worldofpeace & @matthewbauer ?

I'd assume this is already "too late" - users upgrading to a new release in the last 1.5 years most likely already stumbled into this and migrated away from the old config.

Agreed.