From 9c8297e4cbb12ab6f4bc0ecc4e586d9938e9ff6a Mon Sep 17 00:00:00 2001
From: Felix Lechner
Date: Tue, 22 Nov 2022 13:21:51 -0800
Subject: [PATCH] For FUSE-based home folders, chdir into them as the user instead of root.

By default, filesystems user-mounted via FUSE are not accessible to root. [1] Such user mounts have been common for encrypted home folders since 2003. [2][3][4] This change accommodates users with those home folders. Greetd previously sent affected users into the root directory ("/") because their home folders were inaccessible to root. Now the directory operation occurs after a user's privileges were assumed. Users find themselves in their home folders after logging in. Since the call to PAM's open_session now takes place before any change of folders, the value of the current directory is no longer being exposed to the modules via the environment variable $PWD, but the PAM environment is distinct from the process environment. This commit was tested on Guix without commit 424ecac4 since the Rust crate for nix 0.20 was not immediately available there. [1] https://unix.stackexchange.com/a/17423 [2] https://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software [3] https://en.wikipedia.org/wiki/EncFS [4] https://nuetzlich.net/gocryptfs/
---
 greetd/src/session/worker.rs | 16 +++++-----------
 1 file changed, 5 insertions(+), 11 deletions(-)
diff --git a/greetd/src/session/worker.rs b/greetd/src/session/worker.rs
index 20432a1..5742f87 100644
--- a/greetd/src/session/worker.rs
+++ b/greetd/src/session/worker.rs
@@ -171,16 +171,6 @@ fn worker(sock: &UnixDatagram) -> Result<(), Error> {
 let uid = Uid::from_raw(user.uid());
 let gid = Gid::from_raw(user.primary_group_id());
 
- // Change working directory
- let pwd = match env::set_current_dir(home) {
- Ok(_) => home,
- Err(_) => {
- env::set_current_dir("/")
- .map_err(|e| format!("unable to set working directory: {}", e))?;
- "/"
- }
- };
-
 // PAM has to be provided a bunch of environment variables before
 // open_session. We pass any environment variables from our greeter
 // through here as well. This allows them to affect PAM (more
@@ -193,7 +183,6 @@ fn worker(sock: &UnixDatagram) -> Result<(), Error> {
 format!("LOGNAME={}", username),
 format!("HOME={}", home),
 format!("SHELL={}", shell),
- format!("PWD={}", pwd),
 format!("GREETD_SOCK={}", env::var("GREETD_SOCK").unwrap()),
 format!(
 "TERM={}",
@@ -242,6 +231,11 @@ fn worker(sock: &UnixDatagram) -> Result<(), Error> {
 // death signal, which is why we do this here.
 prctl(PrctlOption::SET_PDEATHSIG(libc::SIGTERM)).expect("unable to set death signal");
 
+ // Change working directory
+ if let Err(e) = env::set_current_dir(home) {
+ eprintln!("unable to set working directory: {}", e);
+ }
+
 // Run
 let cpath = CString::new("/bin/sh").unwrap();
 execve(
-- 
2.38.5
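Review bot: If `env::set_current_dir(home)` fails in the added block of the third hunk, the worker only prints to stderr and goes on to `execve`, so the session starts in whatever directory the worker inherited from the greetd process; the code removed in the first hunk fell back to `/` and returned an error when even that failed. Keep that fallback inside the `Err` arm, e.g. `env::set_current_dir("/").map_err(|e| format!("unable to set working directory: {}", e))?;`, so a missing or unreadable home never leaves the user in an inherited directory. The second hunk also stops exporting `PWD`; if this list later becomes the `execve` environment (not visible here), the session relies on `/bin/sh` to set it. The body of `worker` starts and ends outside these hunks.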