@jyundt jyundt commented Dec 30, 2024

When creating the headscale user and group, create both as system groups rather than creating them as 'user' groups.

FIXES #2278

  • have read the CONTRIBUTING.md file
  • raised a GitHub issue or discussed it on the projects chat beforehand
  • added unit tests
  • added integration tests
  • updated documentation if needed
  • updated CHANGELOG.md

When creating the headscale user and group, create both as system groups
rather than creating them as 'user' groups.

FIXES juanfont#2278

jyundt commented Dec 31, 2024

Tested the new postinst, UID/GID looks good:

root@aa9aa3bd9af8:~# id headscale
uid=999(headscale) gid=999(headscale) groups=999(headscale)
root@aa9aa3bd9af8:~#

@jyundt jyundt marked this pull request as ready for review December 31, 2024 00:35

kradalby commented Jan 2, 2025

How will this impact already created users?


jyundt commented Jan 2, 2025

> How will this impact already created users?

@kradalby existing users/groups will not be modified by this change; they will remain with their non-system UIDs/GIDs.

Example:

root@e55169df78a2:/tmp# apt install ./headscale_0.24.0-beta.1_linux_amd64.deb 
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Note, selecting 'headscale' instead of './headscale_0.24.0-beta.1_linux_amd64.deb'
The following NEW packages will be installed:
  headscale
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/18.5 MB of archives.
After this operation, 52.0 MB of additional disk space will be used.
Get:1 /tmp/headscale_0.24.0-beta.1_linux_amd64.deb headscale amd64 0.24.0~beta.1 [18.5 MB]
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package headscale.
(Reading database ... 4393 files and directories currently installed.)
Preparing to unpack .../headscale_0.24.0-beta.1_linux_amd64.deb ...
Unpacking headscale (0.24.0~beta.1) ...
Setting up headscale (0.24.0~beta.1) ...
Sudo permissions detected
Found headscale /usr/bin/headscale
PostInstall: Adding headscale user headscale
PostInstall: Creating headscale run directory 
PostInstall: Modifying group ownership of headscale run directory 
----------------------------------------------------------------------
 headscale package has been successfully installed.

 Please follow the next steps to start the software:

    sudo systemctl enable headscale
    sudo systemctl start headscale

 Configuration settings can be adjusted here:
    /etc/headscale/config.yaml

----------------------------------------------------------------------
root@e55169df78a2:/tmp# id headscale
uid=1000(headscale) gid=1000(headscale) groups=1000(headscale)
root@e55169df78a2:/tmp# apt upgrade ./headscale_0.24.0-beta.2_jy_linux_amd64.deb 
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Note, selecting 'headscale' instead of './headscale_0.24.0-beta.2_jy_linux_amd64.deb'
Calculating upgrade... Done
The following packages will be upgraded:
  headscale
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/14.8 MB of archives.
After this operation, 1208 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 /tmp/headscale_0.24.0-beta.2_jy_linux_amd64.deb headscale amd64 0.24.0~beta.2 [14.8 MB]
debconf: delaying package configuration, since apt-utils is not installed
(Reading database ... 4401 files and directories currently installed.)
Preparing to unpack .../headscale_0.24.0-beta.2_jy_linux_amd64.deb ...
Unpacking headscale (0.24.0~beta.2) over (0.24.0~beta.1) ...
Removing run directory
Setting up headscale (0.24.0~beta.2) ...
Installing new version of config file /etc/headscale/config.yaml ...
Sudo permissions detected
Found headscale /usr/bin/headscale
PostInstall: Adding headscale user headscale
useradd: user 'headscale' already exists
PostInstall: Creating headscale run directory 
PostInstall: Modifying group ownership of headscale run directory 
----------------------------------------------------------------------
 headscale package has been successfully installed.

 Please follow the next steps to start the software:

    sudo systemctl enable headscale
    sudo systemctl start headscale

 Configuration settings can be adjusted here:
    /etc/headscale/config.yaml

----------------------------------------------------------------------
root@e55169df78a2:/tmp# id headscale
uid=1000(headscale) gid=1000(headscale) groups=1000(headscale)
root@e55169df78a2:/tmp# 
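
A check for the situation shown in the comment above, where an upgraded host keeps a headscale account outside the system UID range. This is an added example, not code from the pull request or the headscale packaging scripts; the function names and the sample passwd and login.defs contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a service account as "system" or "regular" by UID.
# File paths are parameters so it runs on constructed samples as well as /etc.

# Print SYS_UID_MAX from a login.defs-style file. When the key is absent,
# shadow-utils falls back to UID_MIN-1, and UID_MIN itself defaults to 1000.
sys_uid_max() {
    awk '
        $1 == "SYS_UID_MAX" { max = $2 }
        $1 == "UID_MIN"     { min = $2 }
        END {
            if (max != "")      print max
            else if (min != "") print min - 1
            else                print 999
        }' "$1"
}

# classify_account NAME PASSWD_FILE LOGIN_DEFS -> system | regular | missing
classify_account() {
    uid=$(awk -F: -v n="$1" '$1 == n { print $3; exit }' "$2")
    [ -n "$uid" ] || { echo missing; return 0; }
    if [ "$uid" -le "$(sys_uid_max "$3")" ]; then
        echo system
    else
        echo regular
    fi
}

# Constructed sample data mirroring the two `id headscale` results in this thread
# (home directory and shell fields are placeholders).
SAMPLES=$(mktemp -d)
printf 'UID_MIN 1000\nSYS_UID_MIN 100\nSYS_UID_MAX 999\n' > "$SAMPLES/login.defs"
printf 'root:x:0:0:root:/root:/bin/bash\nheadscale:x:999:999::/nonexistent:/usr/sbin/nologin\n' > "$SAMPLES/passwd.fresh"
printf 'root:x:0:0:root:/root:/bin/bash\nheadscale:x:1000:1000::/nonexistent:/usr/sbin/nologin\n' > "$SAMPLES/passwd.upgraded"

for f in fresh upgraded; do
    echo "$f: $(classify_account headscale "$SAMPLES/passwd.$f" "$SAMPLES/login.defs")"
done
```

On a real host, `classify_account headscale /etc/passwd /etc/login.defs` reports which of the two cases applies.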

@kradalby kradalby modified the milestones: v0.24.0, Next Jan 3, 2025
@chriswiggins

If the install target is using systemd, would it not be beneficial to use DynamicUser?

The cockpit project does this now and it works really well: https://github.com/cockpit-project/cockpit/blob/main/src/systemd/cockpit-wsinstance-socket-user.service

You set a dependency on the user unit, and then the service uses that dynamically, using cgroups, which means it is adequately sandboxed.

@nblock nblock modified the milestones: Next, v0.26.0 May 3, 2025
@nblock nblock enabled auto-merge (rebase) May 3, 2025 06:37
@kradalby kradalby closed this May 3, 2025
auto-merge was automatically disabled May 3, 2025 08:19

Pull request was closed

@kradalby kradalby reopened this May 3, 2025

ghost commented May 3, 2025

Pull Request Revisions

| Revision | Description |
|----------|-------------|
| r1 | Added system user and group flags. Modified user and group creation commands to use system-level flags (-r for useradd, -r for groupadd, -S for alpine addgroup) |

✅ AI review completed for r1

@kradalby kradalby enabled auto-merge (squash) May 3, 2025 08:29
@kradalby kradalby merged commit 03a9169 into juanfont:main May 3, 2025
144 checks passed

Successfully merging this pull request may close these issues.

[Bug] Non-system headscale user and group from DEB packages
