diff options
author | Jan (janneke) Nieuwenhuizen <janneke@gnu.org> | 2020-10-09 22:55:46 +0200 |
---|---|---|
committer | Jan (janneke) Nieuwenhuizen <janneke@gnu.org> | 2020-10-09 23:25:33 +0200 |
commit | 16f8ea064cde3ee4ef36212cdbdef90e98ba6914 (patch) | |
tree | d74d28d0f2bf8325bc7ef70851f66e92915c0f2c | |
parent | f08587682a631d3fe30159af838c6766dd65205b (diff) | |
download | guix-16f8ea064cde3ee4ef36212cdbdef90e98ba6914.tar.gz |
system: hurd: Add PAM support with shadow and sudo.
* gnu/system.scm (hurd-default-essential-services): Add setuid-program-service-type. * gnu/system/hurd.scm (%base-packages/hurd): Add shadow, sudo. (%setuid-programs/hurd): New variable. (%hurd-default-operating-system)[setuid-program]: Use it. [pam-services, sudoers-file]: Remove overrides; enabling regular defaults. * gnu/system/examples/bare-hurd.tmpl (%hurd-os)[users]: New field. [services]: Do not disable PAM in SSH.
-rw-r--r-- | gnu/system.scm | 2 | ||||
-rw-r--r-- | gnu/system/examples/bare-hurd.tmpl | 9 | ||||
-rw-r--r-- | gnu/system/hurd.scm | 20 |
3 files changed, 24 insertions, 7 deletions
diff --git a/gnu/system.scm b/gnu/system.scm index 3f4a0065d0..ab1b0ff3de 100644 --- a/gnu/system.scm +++ b/gnu/system.scm @@ -634,6 +634,8 @@ bookkeeping." (operating-system-file-systems os))) (pam-root-service (operating-system-pam-services os)) (operating-system-etc-service os) + (service setuid-program-service-type + (operating-system-setuid-programs os)) (service profile-service-type (operating-system-packages os))))) (define* (operating-system-services os) diff --git a/gnu/system/examples/bare-hurd.tmpl b/gnu/system/examples/bare-hurd.tmpl index 414a9379c8..e4b795ff27 100644 --- a/gnu/system/examples/bare-hurd.tmpl +++ b/gnu/system/examples/bare-hurd.tmpl @@ -40,15 +40,20 @@ %base-file-systems)) (host-name "guixygnu") (timezone "Europe/Amsterdam") + (users (cons (user-account + (name "guix") + (comment "Anonymous Hurd Hacker") + (group "users") + (supplementary-groups '("wheel"))) + %base-user-accounts)) (packages (cons openssh-sans-x %base-packages/hurd)) (services (cons (service openssh-service-type (openssh-configuration (openssh openssh-sans-x) - (use-pam? #f) (port-number 2222) (permit-root-login #t) (allow-empty-passwords? #t) (password-authentication? #t))) - %base-services/hurd)))) + %base-services/hurd)))) %hurd-os diff --git a/gnu/system/hurd.scm b/gnu/system/hurd.scm index 80fffe8e45..767a624493 100644 --- a/gnu/system/hurd.scm +++ b/gnu/system/hurd.scm @@ -42,7 +42,8 @@ #:export (%base-packages/hurd %base-services/hurd %hurd-default-operating-system - %hurd-default-operating-system-kernel)) + %hurd-default-operating-system-kernel + %setuid-programs/hurd)) ;;; Commentary: ;;; @@ -62,7 +63,7 @@ (define %base-packages/hurd (list hurd bash coreutils file findutils grep sed guile-3.0 guile-colorized guile-readline - net-base inetutils less shepherd which)) + net-base inetutils less shadow shepherd sudo which)) (define %base-services/hurd (list (service hurd-console-service-type @@ -86,6 +87,17 @@ `(("/bin/sh" ,(file-append bash "/bin/sh")) ("/usr/bin/env" ,(file-append coreutils "/bin/env")))))) +(define %setuid-programs/hurd + ;; Default set of setuid-root programs. + (list (file-append shadow "/bin/passwd") + (file-append shadow "/bin/sg") + (file-append shadow "/bin/su") + (file-append shadow "/bin/newgrp") + (file-append shadow "/bin/newuidmap") + (file-append shadow "/bin/newgidmap") + (file-append sudo "/bin/sudo") + (file-append sudo "/bin/sudoedit"))) + (define %hurd-default-operating-system (operating-system (kernel %hurd-default-operating-system-kernel) @@ -103,6 +115,4 @@ (timezone "GNUrope") (name-service-switch #f) (essential-services (hurd-default-essential-services this-operating-system)) - (pam-services '()) - (setuid-programs '()) - (sudoers-file #f))) + (setuid-programs %setuid-programs/hurd))) |