system: hurd: Add PAM support with shadow and sudo.

* gnu/system.scm (hurd-default-essential-services): Add setuid-program-service-type. * gnu/system/hurd.scm (%base-packages/hurd): Add shadow, sudo. (%setuid-programs/hurd): New variable. (%hurd-default-operating-system)[setuid-program]: Use it. [pam-services, sudoers-file]: Remove overrides; enabling regular defaults. * gnu/system/examples/bare-hurd.tmpl (%hurd-os)[users]: New field. [services]: Do not disable PAM in SSH.
2020-10-09 22:55:46 +02:00 · 2020-10-09 22:55:46 +02:00 · 16f8ea064c
parent f08587682a
commit 16f8ea064c
3 changed files with 24 additions and 7 deletions
--- a/gnu/system.scm
+++ b/gnu/system.scm
@ -634,6 +634,8 @@ bookkeeping."
                           (operating-system-file-systems os)))
          (pam-root-service (operating-system-pam-services os))
          (operating-system-etc-service os)
+          (service setuid-program-service-type
+                   (operating-system-setuid-programs os))
          (service profile-service-type (operating-system-packages os)))))

 (define* (operating-system-services os)
--- a/gnu/system/examples/bare-hurd.tmpl
+++ b/gnu/system/examples/bare-hurd.tmpl
@ -40,15 +40,20 @@
                        %base-file-systems))
    (host-name "guixygnu")
    (timezone "Europe/Amsterdam")
+    (users (cons (user-account
+                  (name "guix")
+                  (comment "Anonymous Hurd Hacker")
+                  (group "users")
+                  (supplementary-groups '("wheel")))
+                 %base-user-accounts))
    (packages (cons openssh-sans-x %base-packages/hurd))
    (services (cons (service openssh-service-type
                             (openssh-configuration
                              (openssh openssh-sans-x)
-                              (use-pam? #f)
                              (port-number 2222)
                              (permit-root-login #t)
                              (allow-empty-passwords? #t)
                              (password-authentication? #t)))
-               %base-services/hurd))))
+                    %base-services/hurd))))

 %hurd-os
--- a/gnu/system/hurd.scm
+++ b/gnu/system/hurd.scm
@ -42,7 +42,8 @@
  #:export (%base-packages/hurd
            %base-services/hurd
            %hurd-default-operating-system
-            %hurd-default-operating-system-kernel))
+            %hurd-default-operating-system-kernel
+            %setuid-programs/hurd))

 ;;; Commentary:
 ;;;
@ -62,7 +63,7 @@
 (define %base-packages/hurd
  (list hurd bash coreutils file findutils grep sed
        guile-3.0 guile-colorized guile-readline
-        net-base inetutils less shepherd which))
+        net-base inetutils less shadow shepherd sudo which))

 (define %base-services/hurd
  (list (service hurd-console-service-type
@ -86,6 +87,17 @@
                 `(("/bin/sh" ,(file-append bash "/bin/sh"))
                   ("/usr/bin/env" ,(file-append coreutils "/bin/env"))))))

+(define %setuid-programs/hurd
+  ;; Default set of setuid-root programs.
+  (list (file-append shadow "/bin/passwd")
+        (file-append shadow "/bin/sg")
+        (file-append shadow "/bin/su")
+        (file-append shadow "/bin/newgrp")
+        (file-append shadow "/bin/newuidmap")
+        (file-append shadow "/bin/newgidmap")
+        (file-append sudo "/bin/sudo")
+        (file-append sudo "/bin/sudoedit")))
+
 (define %hurd-default-operating-system
  (operating-system
    (kernel %hurd-default-operating-system-kernel)
@ -103,6 +115,4 @@
    (timezone "GNUrope")
    (name-service-switch #f)
    (essential-services (hurd-default-essential-services this-operating-system))
-    (pam-services '())
-    (setuid-programs '())
-    (sudoers-file #f)))
+    (setuid-programs %setuid-programs/hurd)))