| Commit message (Expand) | Author | Age | Files | Lines |
|---|
| * | accounts: Add /etc/subid and /etc/subgid allocation logic.•••This commit adds allocation logic for subid ranges. Subid ranges are
ranges of contiguous subids that are mapped to a user in the host
system. This patch implements a flexible allocation algorithm allowing
users that do not want (or need) to specify details of the subid ranges
that they are requesting to avoid doing so, while upholding requests of
users that need to have specific ranges.
* gnu/build/accounts.scm (%subordinate-id-min): New variable;
(%subordinate-id-max): new variable;
(%subordinate-id-count): new variable;
(subordinate-id?): new variable;
(&subordinate-id-error): new variable;
(&subordinate-id-overflow-error): new variable;
(&illegal-subid-range-error): new variable;
(&specific-subid-range-expected-error): new variable;
(&generic-subid-range-expected-error): new variable;
(within-interval?): new variable;
(allocate-unused-range): new variable;
(allocate-generic-range): new variable;
(allocate-specific-range): new variable;
(reserve-subids): new variable;
(range->entry): new variable;
(entry->range): new variable;
(allocate-subids): new variable;
(subuid+subgid-databases): new variable.
* gnu/system/accounts.scm (subid-range-end): New variable;
(subid-range-has-start?): new variable;
(subid-range-less): new variable.
* test/accounts.scm: Test them.
Change-Id: I8de1fd7cfe508b9c76408064d6f498471da0752d
Co-Authored-By: Ludovic Courtès <ludo@gnu.org>
Signed-off-by: Giacomo Leidi <goodoldpaul@autistici.org>
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
| Giacomo Leidi | 2024-12-18 | 1 | -2/+317 |
| * | accounts: Add /etc/subuid and /etc/subgid support.•••This commit adds a new record type, <subid-entry> and serializers
and deserializers for it in (gnu build accounts). Each instance of this
record represents one line in either /etc/subuid or /etc/subgid. Since
Shadow uses the same representation for both files, it should be ok if
we do it as well.
This commit adds also <subid-range>, a user facing representation of
<subid-entry>. It is supposed to be usable directly in OS configurations.
* gnu/build/accounts.scm (subid-entry): New record;
(write-subgid): add serializer for subgids;
(write-subuid): add serializer for subuids;
(read-subgid): add serializer for subgids;
(read-subuid): add serializer for subuids.
* gnu/system/accounts.scm (subid-range): New record.
* test/accounts.scm: Test them.
Change-Id: I6b037e40e354c069bf556412bb5b626bd3ea1b2c
Signed-off-by: Giacomo Leidi <goodoldpaul@autistici.org>
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
| Giacomo Leidi | 2024-12-18 | 1 | -3/+34 |
| * | accounts: Fix typo in comment.•••* gnu/build/accounts.scm (passwd->shadow): Fix typo in comment.
| Ludovic Courtès | 2023-10-12 | 1 | -1/+1 |
| * | accounts: Ensure ‘last-change’ field of shadow entries is never zero.•••* gnu/build/accounts.scm (passwd->shadow): Add ‘max’ call so NOW is
greater than or equal to 1.
| Ludovic Courtès | 2023-10-08 | 1 | -2/+10 |
| * | system: Allow 'chfn' to change the user's full name.•••Fixes <https://issues.guix.gnu.org/52539>.
Reported by Jacob First <jacob.first@member.fsf.org>.
* gnu/build/accounts.scm (allocate-passwd): Add comment as to why
'real-name' is taken from PREVIOUS. Add (not system?) to the
condition.
* gnu/system.scm (operating-system-etc-service) <login.defs>: Add
"CHFN_RESTRICT".
* gnu/system.scm (%setuid-programs): Add "chfn".
* gnu/system/pam.scm (base-pam-services): Add "chfn".
* doc/guix.texi (User Accounts): Document it.
| Ludovic Courtès | 2022-01-01 | 1 | -2/+6 |
| * | accounts: Delete duplicate entries.•••When adding multiple instances of a service requiring some user
account/group, we could end up with multiple entries for that account or
group in /etc/passwd or /etc/group.
* gnu/build/accounts.scm (database-writer)[write-entries]: Add call to
'delete-duplicates'.
* tests/accounts.scm ("write-passwd with duplicate entry"): New test.
| Ludovic Courtès | 2019-08-28 | 1 | -1/+1 |
| * | accounts: Use 'fsync' instead of 'fdatasync'.•••* gnu/build/accounts.scm (catch-ENOSYS): Remove.
(database-writer): Use 'fsync' instead of 'fdatasync'.
| Ludovic Courtès | 2019-06-27 | 1 | -13/+1 |
| * | accounts: Call 'fdatasync' when writing databases.•••* gnu/build/accounts.scm (catch-ENOSYS): New macro.
(database-writer): Call 'fdatasync'.
| Ludovic Courtès | 2019-06-05 | 1 | -0/+14 |
| * | accounts: Close database before renaming it.•••Fixes <https://bugs.gnu.org/35996>.
Reported by Florian Pelz <pelzflorian@pelzflorian.de>.
* gnu/build/accounts.scm (database-writer): Move 'close-port' call
before 'rename-file'.
| Ludovic Courtès | 2019-06-05 | 1 | -1/+3 |
| * | activation: Lock /etc/.pwd.lock before accessing databases.•••Suggested by Florian Pelz <pelzflorian@pelzflorian.de>
in <http://bugs.gnu.org/35996>.
* gnu/build/accounts.scm (%password-lock-file): New variable.
* gnu/build/activation.scm (activate-users+groups): Wrap calls to
'user+group-databases', 'write-group', etc. into 'with-file-lock'.
| Ludovic Courtès | 2019-06-05 | 1 | -0/+6 |
| * | accounts: Always honor the configured user account shell.•••Starting from commit 0ae735bcc8ff7fdc89d67b492bdee9091ee19e86, Guix
System would preserve the user shell across reconfigure and reboot.
This was done so as to allow for the use of 'chsh'.
This proved to be a misguided decision. This commit goes back to
considering user shells as config and not "state."
* gnu/build/accounts.scm (allocate-passwd): Do not use shell from
PREVIOUS.
| Ludovic Courtès | 2019-04-26 | 1 | -3/+6 |
| * | Add (gnu build accounts).•••* gnu/build/accounts.scm, tests/accounts.scm: New files.
* Makefile.am (SCM_TESTS): Add tests/accounts.scm.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add build/accounts.scm.
| Ludovic Courtès | 2019-03-07 | 1 | -0/+561 |
