Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ssm-agent: fix bad user declaration #99520

Merged
merged 1 commit into from Oct 8, 2020
Merged

Conversation

@endgame
Copy link
Contributor

@endgame endgame commented Oct 4, 2020

Motivation for this change

Make ssm-agent service evaluate properly, and make Session Manager actually useful.

Things done

Built and run on an EC2 nixos image, and connected to the system through AWS Systems Manager > Session Manager.

@endgame
Copy link
Contributor Author

@endgame endgame commented Oct 4, 2020

Closes: #99053 #99404 #99518

@endgame endgame force-pushed the endgame:ssm-agent-user-fix branch from 4fa4118 to 0d41792 Oct 6, 2020
users.groups.ssm-user = {};
users.users.ssm-user = {
isNormalUser = true;
group = "ssm-user";

This comment has been minimized.

@Infinisil

Infinisil Oct 7, 2020
Member

Is there a point to using a separate user if that user has the same privileges as root? Why not just run as root directly?

This comment has been minimized.

@endgame

endgame Oct 7, 2020
Author Contributor

Good question. The user is not used to run the service, it's used when you use Session Manager to connect directly to a running instance.

This comment has been minimized.

@endgame

endgame Oct 7, 2020
Author Contributor

(This does not appear to be a configurable thing, and is how it happens on standard AWS images too.)

@endgame
Copy link
Contributor Author

@endgame endgame commented Oct 8, 2020

@Infinisil Thanks for your comments. Anything else you need from me to keep this moving?

@Infinisil Infinisil merged commit 6ee8491 into NixOS:master Oct 8, 2020
18 checks passed
18 checks passed
tests tests
Details
action
Details
Evaluation Performance Report Evaluator Performance Report
Details
Wait for ofborg
Details
grahamcofborg-eval ^.^!
Details
grahamcofborg-eval-check-meta config.nix: checkMeta = true
Details
grahamcofborg-eval-darwin nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="0d41792"; rev="0d417929bf7c4e58123f3a3de6d73e67e17663ea"; } ./pkgs/t
Details
grahamcofborg-eval-lib-tests nix-build --arg pkgs import ./. {} ./lib/tests/release.nix
Details
grahamcofborg-eval-nixos nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="0d41792"; rev="0d417929bf7c4e58123f3a3de6d73e67e17663ea"; } ./nixos/
Details
grahamcofborg-eval-nixos-manual nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="0d41792"; rev="0d417929bf7c4e58123f3a3de6d73e67e17663ea"; } ./nixos/
Details
grahamcofborg-eval-nixos-options nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="0d41792"; rev="0d417929bf7c4e58123f3a3de6d73e67e17663ea"; } ./nixos/
Details
grahamcofborg-eval-nixpkgs-manual nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="0d41792"; rev="0d417929bf7c4e58123f3a3de6d73e67e17663ea"; } ./pkgs/t
Details
grahamcofborg-eval-nixpkgs-tarball nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="0d41792"; rev="0d417929bf7c4e58123f3a3de6d73e67e17663ea"; } ./pkgs/t
Details
grahamcofborg-eval-nixpkgs-unstable-jobset nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="0d41792"; rev="0d417929bf7c4e58123f3a3de6d73e67e17663ea"; } ./pkgs/t
Details
grahamcofborg-eval-package-list nix-env -qa --json --file .
Details
grahamcofborg-eval-package-list-no-aliases nix-env -qa --json --file . --arg config { allowAliases = false; }
Details
ssm-agent, ssm-agent.passthru.tests on aarch64-linux Success
Details
ssm-agent, ssm-agent.passthru.tests on x86_64-linux Success
Details
@endgame endgame deleted the endgame:ssm-agent-user-fix branch Oct 9, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

2 participants
You can’t perform that action at this time.