From 459dd9eaf2ded3bd5676af7e62892db2c7880758 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Fri, 27 Jun 2014 18:57:33 +0200 Subject: system: Add a 'system?' field to user accounts. * gnu/system/shadow.scm ()[system?]: New field. * gnu/system.scm (user-account->gexp): Add it. * guix/build/activation.scm (add-user): Add #:system? parameter and honor it. (activate-users+groups): Handle the 'system?' part of user tuples. Pass it to 'add-user'. Don't create PROFILE-DIR when SYSTEM? is true. * gnu/services/dbus.scm (dbus-service): Add 'system?' field for "messagebus" account. * gnu/services/base.scm (guix-build-accounts): Likewise. * gnu/services/avahi.scm (avahi-service): Likewise. --- gnu/services/avahi.scm | 1 + gnu/services/base.scm | 1 + gnu/services/dbus.scm | 1 + gnu/system.scm | 3 ++- gnu/system/shadow.scm | 5 ++++- guix/build/activation.scm | 15 +++++++++------ 6 files changed, 18 insertions(+), 8 deletions(-) diff --git a/gnu/services/avahi.scm b/gnu/services/avahi.scm index 4b52fd7840..4ba1a513ab 100644 --- a/gnu/services/avahi.scm +++ b/gnu/services/avahi.scm @@ -100,6 +100,7 @@ sockets." (user-accounts (list (user-account (name "avahi") (group "avahi") + (system? #t) (comment "Avahi daemon user") (home-directory "/var/empty") (shell diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 35e5d42fa8..0df4f652da 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -327,6 +327,7 @@ starting at FIRST-UID, and under GID." (lambda (n) (user-account (name (format #f "guixbuilder~2,'0d" n)) + (system? #t) (uid (+ first-uid n -1)) (group group) diff --git a/gnu/services/dbus.scm b/gnu/services/dbus.scm index 3fbbfde09b..2f67e26a1e 100644 --- a/gnu/services/dbus.scm +++ b/gnu/services/dbus.scm @@ -90,6 +90,7 @@ and policy files. For example, to allow avahi-daemon to use the system bus, (user-accounts (list (user-account (name "messagebus") (group "messagebus") + (system? #t) (comment "D-Bus system bus user") (home-directory "/var/run/dbus") (shell diff --git a/gnu/system.scm b/gnu/system.scm index dc8f9ef41c..661bf4cc52 100644 --- a/gnu/system.scm +++ b/gnu/system.scm @@ -369,7 +369,8 @@ alias ll='ls -l' #$(user-account-comment account) #$(user-account-home-directory account) ,#$(user-account-shell account) ; this one is a gexp - #$(user-account-password account))) + #$(user-account-password account) + #$(user-account-system? account))) (define (operating-system-activation-script os) "Return the activation script for OS---i.e., the code that \"activates\" the diff --git a/gnu/system/shadow.scm b/gnu/system/shadow.scm index fc19068ab6..9daf1e348d 100644 --- a/gnu/system/shadow.scm +++ b/gnu/system/shadow.scm @@ -34,6 +34,7 @@ user-account-comment user-account-home-directory user-account-shell + user-account-system? user-group user-group? @@ -63,7 +64,9 @@ (comment user-account-comment (default "")) (home-directory user-account-home-directory) (shell user-account-shell ; gexp - (default #~(string-append #$bash "/bin/bash")))) + (default #~(string-append #$bash "/bin/bash"))) + (system? user-account-system? ; Boolean + (default #f))) (define-record-type* user-group make-user-group diff --git a/guix/build/activation.scm b/guix/build/activation.scm index 12c1ca142d..9464d2157d 100644 --- a/guix/build/activation.scm +++ b/guix/build/activation.scm @@ -47,7 +47,7 @@ (zero? (apply system* "groupadd" args)))) (define* (add-user name group - #:key uid comment home shell password + #:key uid comment home shell password system? (supplementary-groups '()) (log-port (current-error-port))) "Create an account for user NAME part of GROUP, with the specified @@ -82,6 +82,7 @@ properties. Return #t on success." '()) ,@(if shell `("-s" ,shell) '()) ,@(if password `("-p" ,password) '()) + ,@(if system? '("--system") '()) ,name))) (zero? (apply system* "useradd" args))))) @@ -97,22 +98,24 @@ numeric gid or #f." (define activate-user (match-lambda - ((name uid group supplementary-groups comment home shell password) + ((name uid group supplementary-groups comment home shell password system?) (unless (false-if-exception (getpwnam name)) (let ((profile-dir (string-append "/var/guix/profiles/per-user/" name))) (add-user name group #:uid uid + #:system? system? #:supplementary-groups supplementary-groups #:comment comment #:home home #:shell shell #:password password) - ;; Create the profile directory for the new account. - (let ((pw (getpwnam name))) - (mkdir-p profile-dir) - (chown profile-dir (passwd:uid pw) (passwd:gid pw)))))))) + (unless system? + ;; Create the profile directory for the new account. + (let ((pw (getpwnam name))) + (mkdir-p profile-dir) + (chown profile-dir (passwd:uid pw) (passwd:gid pw))))))))) ;; 'groupadd' aborts if the file doesn't already exist. (touch "/etc/group") -- cgit 1.4.1