From patchwork Wed Apr 23 10:07:17 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Ludovic_Court=C3=A8s?= <ludo@gnu.org>
X-Patchwork-Id: 41953
Return-Path: <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org>
X-Original-To: patchwork@mira.cbaines.net
Delivered-To: patchwork@mira.cbaines.net
Received: by mira.cbaines.net (Postfix, from userid 113)
	id CD9E627BC4B; Wed, 23 Apr 2025 11:34:03 +0100 (BST)
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net
X-Spam-Level: 
X-Spam-Status: No, score=-6.4 required=5.0 tests=BAYES_00,DKIM_INVALID,
	DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_BLOCKED,
	RCVD_IN_VALIDITY_CERTIFIED,RCVD_IN_VALIDITY_RPBL,RCVD_IN_VALIDITY_SAFE,
	SPF_HELO_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no
	version=3.4.6
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	by mira.cbaines.net (Postfix) with ESMTPS id 8F47027BC49
	for <patchwork@mira.cbaines.net>; Wed, 23 Apr 2025 11:34:03 +0100 (BST)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-patches-bounces@gnu.org>)
	id 1u7XPo-0000Mx-Sd; Wed, 23 Apr 2025 06:33:16 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1u7XPl-0000MB-N9
 for guix-patches@gnu.org; Wed, 23 Apr 2025 06:33:14 -0400
Received: from debbugs.gnu.org ([2001:470:142:5::43])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1u7XPl-0005gq-Ax
 for guix-patches@gnu.org; Wed, 23 Apr 2025 06:33:13 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=debbugs.gnu.org; s=debbugs-gnu-org;
 h=MIME-Version:Date:References:In-Reply-To:From:To:Subject;
 bh=Jnyogk9SUVwKE14SY8PRyiiit9yoxAOtOOy89QdpamA=;
 b=PmoYindcnv+kUMPqWKFB1Me0SCVa9Iua+xpZVXZ1brederEEgkVSJhKfbOO6+Yy5GcbQVatUGoEMMGm2JqqmukQFq7p3M0SkUaPtjVI9SELbIyV4j5/0xuJOlaizc5oaobpzQ+mqd4TLqX084/7o9tnOFydUIzy4Xu5tf6GY+B7CzMU9DAOoC/J6KwA4jCVNtlwja0xmZBh/ZQDTBiJuZmKZq9otcbMUrQCuhtoaC7IjrVqejGHDXmAintk8VDxektzaotPABw5RY2XxOnZalTfCT8db0W1DUW5Apw7wETVpAgmH4YxKlLUAoFsbDd81iV6wVkcB+Zcv05+lhLnKAw==;
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1u7XPl-00027b-48
 for guix-patches@gnu.org; Wed, 23 Apr 2025 06:33:13 -0400
Subject: bug#77413: [PATCH] services: postgresql-service-type: Allow allowing
 to log into the user.
Resent-From: Ludovic =?utf-8?q?Court=C3=A8s?= <ludo@gnu.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-To: guix-patches@gnu.org
Resent-Date: Wed, 23 Apr 2025 10:33:12 +0000
Resent-Message-ID: <handler.77413.D77413.17454043507722.done@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: cc-closed 77413
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: Tomas Volf <~@wolfsden.cz>
Cc: 77413-done@debbugs.gnu.org, Maxim Cournoyer <maxim.cournoyer@gmail.com>
Mail-Followup-To: 77413@debbugs.gnu.org, ludo@gnu.org, ~@wolfsden.cz
Received: via spool by 77413-done@debbugs.gnu.org id=D77413.17454043507722
 (code D ref 77413); Wed, 23 Apr 2025 10:33:12 +0000
Received: (at 77413-done) by debbugs.gnu.org; 23 Apr 2025 10:32:30 +0000
Received: from localhost ([127.0.0.1]:54169 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1u7XP3-00020L-IR
 for submit@debbugs.gnu.org; Wed, 23 Apr 2025 06:32:30 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:40466)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.84_2) (envelope-from <ludo@gnu.org>) id 1u7XOv-0001y4-Bx
 for 77413-done@debbugs.gnu.org; Wed, 23 Apr 2025 06:32:22 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@gnu.org>)
 id 1u7XOp-0005Ws-Am; Wed, 23 Apr 2025 06:32:15 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To:
 From; bh=Jnyogk9SUVwKE14SY8PRyiiit9yoxAOtOOy89QdpamA=; b=B4ac4QQWQVt3+I1Ywxt9
 qbuYTyASp3rP8IMtYNDAN3lAjqZ9zlO8Xaz939hJN5bZEgtWQbVMLlTHXE7iHFNPr+xmWcI9+6xvE
 H7xSp5H5O8BuyzIElx5+v0KpaU3PH//sPx9kknRR7XN/LtxpHbXh5+u0c5yFDP0RDKmIRdGscABls
 iNiOGKftG8ZxbcqG8mi09pDMFM2jOfT6MzLFCbV+Qc+gN5WER+Nil1/fkr0Dcqct8ZW0JArtP3DGl
 ahmo619bIg9J1AN0g1mYIJFKa1qeozVnkKNPUG1NAWZpLyokjkqIZtDS60S2FrngsEsj/kW84O1x5
 HhQNf0Td9Jw5fw==;
From: Ludovic =?utf-8?q?Court=C3=A8s?= <ludo@gnu.org>
In-Reply-To: <87v7rf6l1v.fsf@gnu.org> ("Ludovic =?utf-8?q?Court=C3=A8s?= "'s
 message of "Tue, 08 Apr 2025 11:48:28 +0200")
References: 
 <9ac891e4fdb07ec4fd0e92f232a923d33d4c20ec.1743449155.git.~@wolfsden.cz>
 <87iknl1zzh.fsf@gmail.com> <871pu98v8q.fsf@gnu.org>
 <87fripy3w2.fsf@wolfsden.cz> <87v7rf6l1v.fsf@gnu.org>
Date: Wed, 23 Apr 2025 12:07:17 +0200
Message-ID: <875xivp4x6.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: guix-patches@gnu.org
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org
Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org
X-getmail-retrieved-from-mailbox: Patches

Hello,

Ludovic Courtès <ludo@gnu.org> writes:

> But then again, I’m not a sysadmin; if you say that this is common
> practice in the case of the postgresql privilege separation user, then
> it’s probably that people consider it good enough, and perhaps we don’t
> need a warning.

Based on this, I went ahead and applied the patch with the change below.

Thanks,
Ludo’.

diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm
index b45aad2c0b..edc3198ad5 100644
--- a/gnu/services/databases.scm
+++ b/gnu/services/databases.scm
@@ -29,6 +29,7 @@ (define-module (gnu services databases)
   #:use-module (gnu services)
   #:use-module (gnu services shepherd)
   #:use-module (gnu system shadow)
+  #:autoload   (gnu system accounts) (default-shell)
   #:use-module (gnu packages admin)
   #:use-module (gnu packages base)
   #:use-module (gnu packages databases)
@@ -220,7 +221,7 @@ (define (create-postgresql-account config)
                 (not (string=? home-directory %default-home-directory)))
                (home-directory home-directory)
                (shell (if allow-login?
-                          ((@ (gnu system accounts) default-shell))
+                          (default-shell)
                           (file-append shadow "/sbin/nologin"))))))))
 
 (define (final-postgresql postgresql extension-packages)