Run as target user, not as dedicated gnome-initial-setup user
(Write-up of hallway discussion with @bberg at GUADEC.)
At present, gnome-initial-setup (in the first-boot mode) runs in a cut-down GNOME shell, as a gnome-initial-setup
user. Once all pages are complete, it uses accountsservice to create a new account, makes all its files (keyring, GSettings database, ...) readable by that user, and tells GDM to log it out and log in as the new user. Very early in the new user's session, gnome-initial-setup-copy-worker
runs, and copies all the files from the gnome-initial-setup
user's transient home directory into its own home directory.
By contrast, when you make another new user, gnome-initial-setup runs as that user in the normal shell.
It would be nice if these two could be combined, so that gnome-initial-setup always runs as the user it is configuring, and always runs in the cut-down shell mode.
Here's a rough idea of an implementation:
- When GDM starts, if no (non-temporary, non-system) users are present on the system:
- It creates a new unprivileged user (with a temporary name), flagged in some way as temporary
- It spawn a gnome-initial-setup session as that user, using the cut-down shell mode, and with some custom polkit agent/temporary rules (#76) which allow that user to change its own username and password, change the system locale, etc.
- When gnome-initial-setup finishes, it renames the user it is running as to the desired username, changes its password, then asks GDM to spawn a new session as that user (as it currently does)
- Teach accountsservice to move a user's home directory when it is renamed
- Drop the copy-worker
The same mechanism (with some pages skipped, as in the current implementation) could be used for subsequent users, resolving #12. The special handling of gnome-initial-setup-copy-worker could be removed from systemd user session support.
Caveats:
- How to make such a transient user? We'll need to be able to recover if the system shuts down uncleanly before g-i-s is complete.
- What about enterprise/Kerberos login?
- Probably many others that I haven't thought of