Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ssm-agent: fix bad user declaration #99520

Merged
merged 1 commit into from Oct 8, 2020
Merged

Conversation

@endgame
Copy link
Contributor

@endgame endgame commented Oct 4, 2020

Motivation for this change

Make ssm-agent service evaluate properly, and make Session Manager actually useful.

Things done

Built and run on an EC2 nixos image, and connected to the system through AWS Systems Manager > Session Manager.

@endgame
Copy link
Contributor Author

@endgame endgame commented Oct 4, 2020

Closes: #99053 #99404 #99518

@endgame endgame force-pushed the ssm-agent-user-fix branch from 4fa4118 to 0d41792 Oct 6, 2020
users.groups.ssm-user = {};
users.users.ssm-user = {
isNormalUser = true;
group = "ssm-user";
Copy link
Member

@Infinisil Infinisil Oct 7, 2020

Is there a point to using a separate user if that user has the same privileges as root? Why not just run as root directly?

Copy link
Contributor Author

@endgame endgame Oct 7, 2020

Good question. The user is not used to run the service, it's used when you use Session Manager to connect directly to a running instance.

Copy link
Contributor Author

@endgame endgame Oct 7, 2020

(This does not appear to be a configurable thing, and is how it happens on standard AWS images too.)

@endgame
Copy link
Contributor Author

@endgame endgame commented Oct 8, 2020

@Infinisil Thanks for your comments. Anything else you need from me to keep this moving?

@Infinisil Infinisil merged commit 6ee8491 into NixOS:master Oct 8, 2020
18 checks passed
@endgame endgame deleted the ssm-agent-user-fix branch Oct 9, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

2 participants