Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

nixos/samba: install samba package #64683

Closed
wants to merge 1 commit into from
Closed

nixos/samba: install samba package #64683

wants to merge 1 commit into from

Conversation

aske
Copy link
Member

@aske aske commented Jul 12, 2019

Motivation for this change
Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@aske
Copy link
Member Author

aske commented Jul 13, 2019

Well, after enabling the service I was confused a bit, as I expected tools like smbpasswd to become available.

@FRidh
Copy link
Member

FRidh commented Jul 13, 2019

Having a service enabled does not mean you, as a user, should have the items on PATH that the service has.

@aske
Copy link
Member Author

aske commented Jul 15, 2019

I'd argue in this case it's appropriate because administrators more often that not need smbpasswd to finish setting up the server.

@FRidh
Copy link
Member

FRidh commented Jul 15, 2019

An administrator might, but a user not.

@aske
Copy link
Member Author

aske commented Jul 15, 2019

Hm, what would be the difference between different types of users here, as I'm not sure there is a way to have tools from pkgs.samba in PATH for a user admin1 and not have them for some user2 on the same machine (barring installation via nix-env)?
When I'm enabling a samba server service I'd usually need smbpasswd, so I'd add samba to the nix configuration file and it would be in the PATH of other users of my server anyway.
Having smbpasswd available after enabling samba server service seems less confusing and more convenient than doing nix-shell or nix run.

@FRidh
Copy link
Member

FRidh commented Jul 20, 2019

Closing this ticket.

@FRidh FRidh closed this Jul 20, 2019
@aske
Copy link
Member Author

aske commented Nov 23, 2019

Sorry for the late reply.

The security concern is absolutely valid, though I'm not sure the analogy is completely applicable to the environment.systemPackages; and if we want to avoid environment.systemPackages -= [ pkgs.samba ]; problem -- why use them at all then?

There are quite a lot of modules using it in modules:

git grep 'environment.systemPackages =' | wc -l
1360

Some modules are not really usuable without tools installed via systemPackages, so one could argue we can keep those.
For other modules tools they come with are usually needed but not absolutely necessary for them to function, so should we remove environment.systemPackages assignment for them?
For example services/torrent/deluge.nix.

In the end I'd want to have a clearer mental model when it's fine to use environment.systemPackages in a module.

The one I have right one is: "It's OK when some tool is needed more often than not."

There are two other ways I see:

  1. Don't use it.
  2. Use only if absolutely 100% necessary, and make patches to remove current violations.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants