nixos: Confusion around the "su" command

[rickynils]

There's a su command both in the shadow package and in util-linux, and they don't behave in exactly the same way. This means that if you don't have the shadow package installed (which is the case if users.mutableUsers = false), then su from util-linux is used. When you do su - user, it looks for /etc/pam.d/su-l, which is not setup on NixOS. Therefore, authentication fails. However, if you have shadow in systemPackages, su - works because it is not looking for /etc/pam.d/su-l.

I think NixOS should settle for one package and remove su from the others. I have no opinion on which package to settle on, though. There might also be other collisions for related binaries.

[wkennington]

I assume this fixes #1813

[rickynils]

@wkennington, yes this should fix #1813. The question is how it should be solved. The most reasonable solution, I think, is to split the shadow package into a user management part and a su part (with the multiple output feature of nix). Then the su part could be added unconditionally to systemPackages, and the user management part only if mutableUsers is true. Then, for good manners we should also remove su from `util-linux'. @edolstra, any opinions on this solution?

[shlevy]

@rickynils Do you think you can implement this in time for the 14.04 branch?

[wkennington]

I've implemented his change, waiting to test it now.