feat: introduce optional stateful user management#36
Closed
JulienMalka wants to merge 1 commit intonikstur:mainfrom
Closed
feat: introduce optional stateful user management#36JulienMalka wants to merge 1 commit intonikstur:mainfrom
JulienMalka wants to merge 1 commit intonikstur:mainfrom
Conversation
In non-nixos settings, it is frequent that some users/groups are created by default by the distribution, or impurely by the user. Because userborn is stateless, those users/groups are disabled when they are not included in the userborn configuration. This change introduce a stateful mode, activated by the USERBORN_STATEFUL environement variable, where userborn maintain a list of users/groups it owns and only act on entities of that list.
Merged
nikstur
reviewed
Jan 26, 2026
Owner
nikstur
left a comment
nikstur
left a comment
There was a problem hiding this comment.
Thank you for raising this issue and working on this implementation!
However, I feel that this is very complicated. In fact too complicated for my liking. It touches much of the core code of Userborn which makes it impossible for me to say in good conscience that this change is correct.
I believe this can be implemented in a much simpler and less intrusive way. See #38
Comment on lines
+54
to
+65
| let json = serde_json::to_string_pretty(&managed) | ||
| .with_context(|| "Failed to serialize managed entities")?; | ||
|
|
||
| let mut file = OpenOptions::new() | ||
| .write(true) | ||
| .create(true) | ||
| .truncate(true) | ||
| .open(&self.state_file_path) | ||
| .with_context(|| format!("Failed to create/open state file: {:?}", self.state_file_path))?; | ||
|
|
||
| file.write_all(json.as_bytes()) | ||
| .with_context(|| "Failed to write state file")?; |
Owner
There was a problem hiding this comment.
This whole thing could be `
Suggested change
| let json = serde_json::to_string_pretty(&managed) | |
| .with_context(|| "Failed to serialize managed entities")?; | |
| let mut file = OpenOptions::new() | |
| .write(true) | |
| .create(true) | |
| .truncate(true) | |
| .open(&self.state_file_path) | |
| .with_context(|| format!("Failed to create/open state file: {:?}", self.state_file_path))?; | |
| file.write_all(json.as_bytes()) | |
| .with_context(|| "Failed to write state file")?; | |
| fs::write(&self.state_file_path, serde_json::to_vec_pretty(&managed).context("")?).context("")? |
| file.write_all(json.as_bytes()) | ||
| .with_context(|| "Failed to write state file")?; | ||
|
|
||
| log::debug!("Saved managed entities to state file: {:?}", self.state_file_path); |
Owner
There was a problem hiding this comment.
Suggested change
| log::debug!("Saved managed entities to state file: {:?}", self.state_file_path); | |
| log::info!("Saved managed entities to state file: {:?}", self.state_file_path); |
Comment on lines
+35
to
+40
| let mut file = File::open(&self.state_file_path) | ||
| .with_context(|| format!("Failed to open state file: {:?}", self.state_file_path))?; | ||
|
|
||
| let mut contents = String::new(); | ||
| file.read_to_string(&mut contents) | ||
| .with_context(|| "Failed to read state file")?; |
Owner
There was a problem hiding this comment.
Suggested change
| let mut file = File::open(&self.state_file_path) | |
| .with_context(|| format!("Failed to open state file: {:?}", self.state_file_path))?; | |
| let mut contents = String::new(); | |
| file.read_to_string(&mut contents) | |
| .with_context(|| "Failed to read state file")?; | |
| let contents = fs::read(&self.state_file_path).context("")?; |
| file.read_to_string(&mut contents) | ||
| .with_context(|| "Failed to read state file")?; | ||
|
|
||
| let managed: ManagedEntities = serde_json::from_str(&contents) |
Owner
There was a problem hiding this comment.
Suggested change
| let managed: ManagedEntities = serde_json::from_str(&contents) | |
| let managed: ManagedEntities = serde_json::from_slice(&contents) |
| use serde::Deserialize; | ||
|
|
||
| #[derive(Deserialize, Debug)] | ||
| #[derive(Deserialize, Debug, Clone, PartialEq, serde::Serialize)] |
Owner
There was a problem hiding this comment.
serde is not used if I see that correctly.
Suggested change
| #[derive(Deserialize, Debug, Clone, PartialEq, serde::Serialize)] | |
| #[derive(Deserialize, Debug, Clone, PartialEq)] |
| log::info!("Running in stateful mode"); | ||
|
|
||
| // Initialize state manager | ||
| let state_manager = StateManager::new(&directory); |
Owner
There was a problem hiding this comment.
This would currently write this file right to /etc. This should be the StateDirectory of the Userborn service.
| if !previous.users.contains(user) { | ||
| log::info!(" + Taking ownership of user: {}", user); | ||
| } else { | ||
| log::info!(" ~ Managing user: {}", user); |
Owner
There was a problem hiding this comment.
This would log this info on every single invocation. That's too much noise for an info log.
Contributor
Author
|
Thanks for the review! I do agree that your version is more clean and minimalist, so closing this! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
In non-nixos settings, it is frequent that some users/groups are created by default by the distribution, or impurely by the user. Because userborn is stateless, those users/groups are disabled when they are not included in the userborn configuration. This change introduce a stateful mode, activated by the USERBORN_STATEFUL environement variable, where userborn maintain a list of users/groups it owns and only act on entities of that list.