me
/
guix
Archived
1
0
Fork 0

system: Add the 'system?' field for user groups.

Suggested by Mark H. Weaver.

* gnu/system/shadow.scm (<user-group>)[system?]: New field.
  (%base-groups): Introduce 'system-group' macro, and use it.
* gnu/system.scm (user-group->gexp): Pass the 'system?' field.
* guix/build/activation.scm (add-group): Add #:system? and honor it.
  (activate-users+groups): Handle the 'system?' field.
* gnu/system/file-systems.scm (%tty-gid): Choose an ID below 1000.
* doc/guix.texi (User Accounts): Document the 'system?' field.
master
Ludovic Courtès 2014-07-25 00:12:35 +02:00
parent 931c132a58
commit c8fa34265d
5 changed files with 37 additions and 23 deletions

View File

@ -3201,6 +3201,10 @@ The group's name.
The group identifier (a number). If @code{#f}, a new number is
automatically allocated when the group is created.
@item @code{system?} (default: @code{#f})
This Boolean value indicates whether the group is a ``system'' group.
System groups have low numerical IDs.
@item @code{password} (default: @code{#f})
What, user groups can have a password? Well, apparently yes. Unless
@code{#f}, this field specifies the group's password.

View File

@ -363,7 +363,8 @@ alias ll='ls -l'
'active-groups'."
#~(list #$(user-group-name group)
#$(user-group-password group)
#$(user-group-id group)))
#$(user-group-id group)
#$(user-group-system? group)))
(define (user-account->gexp account)
"Turn ACCOUNT, a <user-account> object, into a list-valued gexp suitable for

View File

@ -95,7 +95,7 @@
(define %tty-gid
;; ID of the 'tty' group. Allocate it statically to make it easy to refer
;; to it from here and from the 'tty' group definitions.
1004)
996)
(define %pseudo-terminal-file-system
;; The pseudo-terminal file system. It needs to be mounted so that

View File

@ -43,6 +43,7 @@
user-group-name
user-group-password
user-group-id
user-group-system?
default-skeletons
skeleton-directory
@ -75,28 +76,33 @@
user-group?
(name user-group-name)
(password user-group-password (default #f))
(id user-group-id (default #f)))
(id user-group-id (default #f))
(system? user-group-system? ; Boolean
(default #f)))
(define %base-groups
;; Default set of groups.
(list (user-group (name "root") (id 0))
(user-group (name "wheel")) ; root-like users
(user-group (name "users")) ; normal users
(user-group (name "nogroup")) ; for daemons etc.
(let-syntax ((system-group (syntax-rules ()
((_ args ...)
(user-group (system? #t) args ...)))))
(list (system-group (name "root") (id 0))
(system-group (name "wheel")) ; root-like users
(system-group (name "users")) ; normal users
(system-group (name "nogroup")) ; for daemons etc.
;; The following groups are conventionally used by things like udev to
;; control access to hardware devices.
(user-group (name "tty") (id %tty-gid))
(user-group (name "dialout"))
(user-group (name "kmem"))
(user-group (name "video"))
(user-group (name "audio"))
(user-group (name "netdev")) ; used in avahi-dbus.conf
(user-group (name "lp"))
(user-group (name "disk"))
(user-group (name "floppy"))
(user-group (name "cdrom"))
(user-group (name "tape"))))
(system-group (name "tty") (id %tty-gid))
(system-group (name "dialout"))
(system-group (name "kmem"))
(system-group (name "video"))
(system-group (name "audio"))
(system-group (name "netdev")) ; used in avahi-dbus.conf
(system-group (name "lp"))
(system-group (name "disk"))
(system-group (name "floppy"))
(system-group (name "cdrom"))
(system-group (name "tape")))))
(define (default-skeletons)
"Return the default skeleton files for /etc/skel. These files are copied by

View File

@ -36,13 +36,14 @@
;;;
;;; Code:
(define* (add-group name #:key gid password
(define* (add-group name #:key gid password system?
(log-port (current-error-port)))
"Add NAME as a user group, with the given numeric GID if specified."
;; Use 'groupadd' from the Shadow package.
(format log-port "adding group '~a'...~%" name)
(let ((args `(,@(if gid `("-g" ,(number->string gid)) '())
,@(if password `("-p" ,password) '())
,@(if system? `("--system") '())
,name)))
(zero? (apply system* "groupadd" args))))
@ -128,9 +129,11 @@ numeric gid or #f."
;; Then create the groups.
(for-each (match-lambda
((name password gid)
((name password gid system?)
(unless (false-if-exception (getgrnam name))
(add-group name #:gid gid #:password password))))
(add-group name
#:gid gid #:password password
#:system? system?))))
groups)
;; Finally create the other user accounts.