From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.comp.sysutils.supervision.general/2506 Path: news.gmane.org!.POSTED.blaine.gmane.org!not-for-mail From: "Laurent Bercot" Newsgroups: gmane.comp.sysutils.supervision.general Subject: Re: s6 bites noob Date: Tue, 05 Feb 2019 19:44:09 +0000 Message-ID: References: Reply-To: "Laurent Bercot" Mime-Version: 1.0 Content-Type: text/plain; format=flowed; charset=utf-8 Content-Transfer-Encoding: quoted-printable Injection-Info: blaine.gmane.org; posting-host="blaine.gmane.org:195.159.176.226"; logging-data="208942"; mail-complaints-to="usenet@blaine.gmane.org" User-Agent: eM_Client/7.2.33939.0 To: "supervision@list.skarnet.org" Original-X-From: supervision-return-2096-gcsg-supervision=m.gmane.org@list.skarnet.org Tue Feb 05 20:44:12 2019 Return-path: Envelope-to: gcsg-supervision@m.gmane.org Original-Received: from alyss.skarnet.org ([95.142.172.232]) by blaine.gmane.org with smtp (Exim 4.89) (envelope-from ) id 1gr6de-000sAo-Kd for gcsg-supervision@m.gmane.org; Tue, 05 Feb 2019 20:44:10 +0100 Original-Received: (qmail 14236 invoked by uid 89); 5 Feb 2019 19:44:36 -0000 Mailing-List: contact supervision-help@list.skarnet.org; run by ezmlm Original-Sender: Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: Original-Received: (qmail 14226 invoked from network); 5 Feb 2019 19:44:36 -0000 In-Reply-To: X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: 0 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedtledrkeeigdduvdegucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecupfgfoffgtffkveetuefngfdpqfgfvfenuceurghilhhouhhtmecufedttdenucenucfjughrpefhvffufffkjghfrhgfgggtgfesthhqredttderjeenucfhrhhomhepfdfnrghurhgvnhhtuceuvghrtghothdfuceoshhkrgdqshhuphgvrhhvihhsihhonhesshhkrghrnhgvthdrohhrgheqnecurfgrrhgrmhepmhhouggvpehsmhhtphhouhhtnecuvehluhhsthgvrhfuihiivgeptd Xref: news.gmane.org gmane.comp.sysutils.supervision.general:2506 Archived-At: >just take this as a data sample for what can happen when a random noob tri= es to use s6. Although unpleasant (not gonna lie), it was a very useful user experience report, thank you. Among other things, it comforts me in the belief that a user interface layer on top of s6 + s6-rc + s6-linux-init is the way to go - a layer that makes things Just Work even when users don't do everything perfectly, and with friendlier behaviour in case of an error. People will still be able to look under the hood and tweak things manually, but they won't have to, and they won't be exposed to the nuts and bolts unless they want to. Also, just in case someone tries the latest s6 / s6-rc git head: I have added "uid/self" and "gid/self" key checking in the accessrules library, for when the client runs with the same euid / the same egid as the server; and I have changed s6-rc-compile to use the=20 functionality, removing its -u and -g options in the process. So now, the behaviour should always be consistent: the user who can operate a s6-rc database is always the user who owns the supervision tree. No exceptions. root can also use s6-rc commands, but services will still run as the user who owns the supervision tree. A numbered release of s6 and s6-rc (and lots of other packages) will happen some time next month. >BTW, your explanations of why things are designed the way they are were he= lpful for understanding the system. I recommend copying them into the docs. I should write a "rationale / policy recommendation" section in the documentation pages, that is a good idea. -- Laurent