diff options
author | Mathieu Othacehe <othacehe@gnu.org> | 2022-04-04 16:36:07 +0200 |
---|---|---|
committer | Mathieu Othacehe <othacehe@gnu.org> | 2022-04-06 21:19:07 +0200 |
commit | 2bfb27af56e2e1ef1699c8ec63d3badeb211b58e (patch) | |
tree | ad5b29faf0e3707a1df911083d5623112ef7bab2 | |
parent | 3b262b51fa616e3809b7bad450e288359845028a (diff) | |
download | guix-2bfb27af56e2e1ef1699c8ec63d3badeb211b58e.tar.gz |
installer: user: Forbid root user creation.
Forbid root user creation as it could lead to a system without any non-priviledged user accouts. Fixes: <https://issues.guix.gnu.org/54666>. * gnu/installer/newt/user.scm (run-user-add-page): Forbid it.
-rw-r--r-- | gnu/installer/newt/user.scm | 49 |
1 files changed, 31 insertions, 18 deletions
diff --git a/gnu/installer/newt/user.scm b/gnu/installer/newt/user.scm index 7c1cc2249d..a1c797688e 100644 --- a/gnu/installer/newt/user.scm +++ b/gnu/installer/newt/user.scm @@ -40,6 +40,9 @@ REAL-NAME, and HOME-DIRECTORY as the initial values in the form." (define (pad-label label) (string-pad-right label 25)) + (define (root-account? name) + (string=? name "root")) + (let* ((label-name (make-label -1 -1 (pad-label (G_ "Name")))) (label-real-name @@ -116,10 +119,14 @@ REAL-NAME, and HOME-DIRECTORY as the initial values in the form." GRID-ELEMENT-SUBGRID button-grid) title) - (let ((error-page + (let ((error-empty-field-page (lambda () (run-error-page (G_ "Empty inputs are not allowed.") - (G_ "Empty input"))))) + (G_ "Empty input")))) + (error-root-page + (lambda () + (run-error-page (G_ "Root account is automatically created.") + (G_ "Root account"))))) (receive (exit-reason argument) (run-form form) (dynamic-wind @@ -132,22 +139,28 @@ REAL-NAME, and HOME-DIRECTORY as the initial values in the form." (real-name (entry-value entry-real-name)) (home-directory (entry-value entry-home-directory)) (password (entry-value entry-password))) - (if (or (string=? name "") - (string=? home-directory "")) - (begin - (error-page) - (run-user-add-page)) - (let ((password (confirm-password password))) - (if password - (user - (name name) - (real-name real-name) - (home-directory home-directory) - (password (make-secret password))) - (run-user-add-page #:name name - #:real-name real-name - #:home-directory - home-directory))))))))) + (cond + ;; Empty field. + ((or (string=? name "") + (string=? home-directory "")) + (error-empty-field-page) + (run-user-add-page)) + ;; Reject root account. + ((root-account? name) + (error-root-page) + (run-user-add-page)) + (else + (let ((password (confirm-password password))) + (if password + (user + (name name) + (real-name real-name) + (home-directory home-directory) + (password (make-secret password))) + (run-user-add-page #:name name + #:real-name real-name + #:home-directory + home-directory)))))))))) (lambda () (destroy-form-and-pop form))))))) |