authorGiacomo Leidi <goodoldpaul@autistici.org>2024-10-08 00:40:26 +0200
committerLudovic Courtès <ludo@gnu.org>2024-12-18 18:32:40 +0100
commit58f430f69e71f95cedab9912c1c9f2cc8660fad9 (patch)
treeaa6522c5e928ca36acdf6fc479e86e526a4e4b5c /gnu
parent478b9ccea854ec4407643a44d40ee61584fbc73d (diff)
accounts: Add /etc/subuid and /etc/subgid support.
This commit adds a new record type, <subid-entry> and serializers and deserializers for it in (gnu build accounts). Each instance of this record represents one line in either /etc/subuid or /etc/subgid. Since Shadow uses the same representation for both files, it should be ok if we do it as well. This commit adds also <subid-range>, a user-facing representation of <subid-entry>. It is supposed to be usable directly in OS configurations. * gnu/build/accounts.scm (subid-entry): New record; (write-subgid): add serializer for subgids; (write-subuid): add serializer for subuids; (read-subgid): add deserializer for subgids; (read-subuid): add deserializer for subuids. * gnu/system/accounts.scm (subid-range): New record. * test/accounts.scm: Test them. Change-Id: I6b037e40e354c069bf556412bb5b626bd3ea1b2c Signed-off-by: Giacomo Leidi <goodoldpaul@autistici.org> Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Diffstat (limited to 'gnu')
-rw-r--r--gnu/build/accounts.scm37
-rw-r--r--gnu/system/accounts.scm17
2 files changed, 51 insertions, 3 deletions
diff --git a/gnu/build/accounts.scm b/gnu/build/accounts.scm
index fa6f454b5e..ea8c69f205 100644
--- a/gnu/build/accounts.scm
+++ b/gnu/build/accounts.scm
@@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2019, 2021, 2023 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2024 Giacomo Leidi <goodoldpaul@autistici.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -51,13 +52,23 @@
group-entry-gid
group-entry-members
+ subid-entry
+ subid-entry?
+ subid-entry-name
+ subid-entry-start
+ subid-entry-count
+
%password-lock-file
write-group
write-passwd
write-shadow
+ write-subgid
+ write-subuid
read-group
read-passwd
read-shadow
+ read-subgid
+ read-subuid
%id-min
%id-max
@@ -68,11 +79,12 @@
;;; Commentary:
;;;
-;;; This modules provides functionality equivalent to the C library's
+;;; This module provides functionality equivalent to the C library's
;;; <shadow.h>, <pwd.h>, and <grp.h> routines, as well as a subset of the
;;; functionality of the Shadow command-line tools. It can parse and write
-;;; /etc/passwd, /etc/shadow, and /etc/group. It can also take care of UID
-;;; and GID allocation in a way similar to what 'useradd' does.
+;;; /etc/passwd, /etc/shadow, /etc/group, /etc/subuid and /etc/subgid. It can
+;;; also take care of UID and GID allocation in a way similar to what 'useradd'
+;;; does. The same goes for sub UID and sub GID allocation.
;;;
;;; The benefit is twofold: less code is involved, and the ID allocation
;;; strategy and state preservation is made explicit.
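Review bot: The added sentence `The same goes for sub UID and sub GID allocation.` promises allocation that this commit does not contain: per the diffstat and the commit message, the change adds the `<subid-entry>` record plus its readers and writers, and nothing in the visible hunks picks or reserves a sub ID range. If an allocator is planned for a follow-up, the commentary is ahead of the code and misleads anyone reading this revision. I would drop that sentence for now, or soften it to `Sub UID and sub GID ranges are parsed and written here; their allocation is handled separately.`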
@@ -225,6 +237,17 @@ each field."
(serialization list->comma-separated comma-separated->list)
(default '())))
+(define-database-entry <subid-entry> ;<subid.h>
+ subid-entry make-subid-entry
+ subid-entry?
+ (serialization #\: subid-entry->string string->subid-entry)
+
+ (name subid-entry-name)
+ (start subid-entry-start
+ (serialization number->string string->number))
+ (count subid-entry-count
+ (serialization number->string string->number)))
+
(define %password-lock-file
;; The password database lock file used by libc's 'lckpwdf'. Users should
;; grab this lock with 'with-file-lock' when they access the databases.
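Review bot: The `start` and `count` fields of `<subid-entry>` are deserialized with bare `string->number`, which yields `#f` on a malformed field and accepts `-1`, `1/2`, `1e3` or `#x10` — none of which is a valid /etc/subuid or /etc/subgid value, since shadow parses both fields as unsigned integers. Unless `define-database-entry` (defined outside this hunk) validates field values, a corrupt or hand-edited line reads back as an entry whose range is `#f`, negative or inexact, and the fault only surfaces later, either as a wrong-type error from `number->string` inside `write-subuid`/`write-subgid` or as a nonsense range written to disk. I would route both fields through a checked parser that accepts only non-negative exact integers, as below; a stricter variant could additionally require `(string-every char-numeric? str)` to reject radix prefixes. Whether the name field may also hold a numeric UID, as newer shadow releases reportedly allow, is worth confirming against the shadow version Guix ships, since this entry treats it as an opaque string.
```scheme
(define (string->subid-number str)
  "Parse STR, a numeric field of /etc/subuid or /etc/subgid, as a
non-negative exact integer.  Raise an error for anything else rather than
letting a bad value propagate into the sub ID database."
  (let ((n (string->number str 10)))
    (unless (and n (exact-integer? n) (>= n 0))
      (error "invalid sub UID/GID field" str))
    n))

;; … unchanged: define-database-entry header and name field …
  (start subid-entry-start
    (serialization number->string string->subid-number))
  (count subid-entry-count
    (serialization number->string string->subid-number)))
```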
@@ -265,6 +288,10 @@ to it atomically and set the appropriate permissions."
(database-writer "/etc/shadow" #o600 shadow-entry->string))
(define write-group
(database-writer "/etc/group" #o644 group-entry->string))
+(define write-subuid
+ (database-writer "/etc/subuid" #o644 subid-entry->string))
+(define write-subgid
+ (database-writer "/etc/subgid" #o644 subid-entry->string))
(define (database-reader file string->entry)
(lambda* (#:optional (file-or-port file))
@@ -287,6 +314,10 @@ to it atomically and set the appropriate permissions."
(database-reader "/etc/shadow" string->shadow-entry))
(define read-group
(database-reader "/etc/group" string->group-entry))
+(define read-subuid
+ (database-reader "/etc/subuid" string->subid-entry))
+(define read-subgid
+ (database-reader "/etc/subgid" string->subid-entry))
;;;
diff --git a/gnu/system/accounts.scm b/gnu/system/accounts.scm
index 586cff1842..9a006c188d 100644
--- a/gnu/system/accounts.scm
+++ b/gnu/system/accounts.scm
@@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2024 Giacomo Leidi <goodoldpaul@autistici.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -39,6 +40,12 @@
user-group-id
user-group-system?
+ subid-range
+ subid-range?
+ subid-range-name
+ subid-range-start
+ subid-range-count
+
sexp->user-account
sexp->user-group
@@ -85,6 +92,16 @@
(system? user-group-system? ; Boolean
(default #f)))
+(define-record-type* <subid-range>
+ subid-range make-subid-range
+ subid-range?
+ (name subid-range-name)
+ (start subid-range-start (default #f)) ; number
+ (count subid-range-count ; number
+ ; from find_new_sub_gids.c and
+ ; find_new_sub_uids.c
+ (default 65536)))
+
(define (default-home-directory account)
"Return the default home directory for ACCOUNT."
(string-append "/home/" (user-account-name account)))
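Review bot: `<subid-range>` documents neither what a `start` of `#f` means nor what constraints `count` carries, and the record accepts any value for either, so a configuration with a negative or zero count is only caught, if at all, at serialization time. If `#f` is meant as "let the system pick a free range" when the OS is instantiated (allocation is not part of this commit, so that is an inference), say so at the field and give the name field its type too: `(name subid-range-name) ; string` and `(start subid-range-start (default #f)) ; number, or #f to allocate a free range`. For `count`, the comment points at shadow's find_new_sub_uids.c; it would help readers to add that shadow takes this value from the `SUB_UID_COUNT`/`SUB_GID_COUNT` settings of login.defs (65536 being their documented default, if memory serves), so the origin of the constant and where it is tunable upstream are both clear.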