system: Add the 'system?' field for user groups.
Suggested by Mark H. Weaver. * gnu/system/shadow.scm (<user-group>)[system?]: New field. (%base-groups): Introduce 'system-group' macro, and use it. * gnu/system.scm (user-group->gexp): Pass the 'system?' field. * guix/build/activation.scm (add-group): Add #:system? and honor it. (activate-users+groups): Handle the 'system?' field. * gnu/system/file-systems.scm (%tty-gid): Choose an ID below 1000. * doc/guix.texi (User Accounts): Document the 'system?' field.
parent
931c132a58
commit
c8fa34265d
|
@ -3201,6 +3201,10 @@ The group's name.
|
|||
The group identifier (a number). If @code{#f}, a new number is
|
||||
automatically allocated when the group is created.
|
||||
|
||||
@item @code{system?} (default: @code{#f})
|
||||
This Boolean value indicates whether the group is a ``system'' group.
|
||||
System groups have low numerical IDs.
|
||||
|
||||
@item @code{password} (default: @code{#f})
|
||||
What, user groups can have a password? Well, apparently yes. Unless
|
||||
@code{#f}, this field specifies the group's password.
|
||||
|
|
|
@ -363,7 +363,8 @@ alias ll='ls -l'
|
|||
'active-groups'."
|
||||
#~(list #$(user-group-name group)
|
||||
#$(user-group-password group)
|
||||
#$(user-group-id group)))
|
||||
#$(user-group-id group)
|
||||
#$(user-group-system? group)))
|
||||
|
||||
(define (user-account->gexp account)
|
||||
"Turn ACCOUNT, a <user-account> object, into a list-valued gexp suitable for
|
||||
|
|
|
@ -95,7 +95,7 @@
|
|||
(define %tty-gid
|
||||
;; ID of the 'tty' group. Allocate it statically to make it easy to refer
|
||||
;; to it from here and from the 'tty' group definitions.
|
||||
1004)
|
||||
996)
|
||||
|
||||
(define %pseudo-terminal-file-system
|
||||
;; The pseudo-terminal file system. It needs to be mounted so that
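Review bot: `%tty-gid` is now a hard-coded 996 inside the range that system group IDs are allocated from, and nothing visible here reserves that number before other system groups are created. If `groupadd --system` has already handed 996 to an earlier group (for example when a configuration lists extra system groups ahead of `%base-groups`), creating `tty` with `-g 996` would presumably fail. On an already-installed system the existing `tty` group keeps its old GID, because activation skips groups that `getgrnam` already finds. In either case whatever refers to `%tty-gid`, presumably the pseudo-terminal file system defined just below, would name a GID that is not `tty`, which changes who owns terminal devices. I would extend the comment to state the constraint, e.g. `;; Must stay below 1000 and must not collide with dynamically allocated system GIDs; existing installs keep their old 'tty' GID.`, and check whether upgrades need a migration step.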
|
||||
|
|
|
@ -43,6 +43,7 @@
|
|||
user-group-name
|
||||
user-group-password
|
||||
user-group-id
|
||||
user-group-system?
|
||||
|
||||
default-skeletons
|
||||
skeleton-directory
|
||||
|
@ -75,28 +76,33 @@
|
|||
user-group?
|
||||
(name user-group-name)
|
||||
(password user-group-password (default #f))
|
||||
(id user-group-id (default #f)))
|
||||
(id user-group-id (default #f))
|
||||
(system? user-group-system? ; Boolean
|
||||
(default #f)))
|
||||
|
||||
(define %base-groups
|
||||
;; Default set of groups.
|
||||
(list (user-group (name "root") (id 0))
|
||||
(user-group (name "wheel")) ; root-like users
|
||||
(user-group (name "users")) ; normal users
|
||||
(user-group (name "nogroup")) ; for daemons etc.
|
||||
(let-syntax ((system-group (syntax-rules ()
|
||||
((_ args ...)
|
||||
(user-group (system? #t) args ...)))))
|
||||
(list (system-group (name "root") (id 0))
|
||||
(system-group (name "wheel")) ; root-like users
|
||||
(system-group (name "users")) ; normal users
|
||||
(system-group (name "nogroup")) ; for daemons etc.
|
||||
|
||||
;; The following groups are conventionally used by things like udev to
|
||||
;; control access to hardware devices.
|
||||
(user-group (name "tty") (id %tty-gid))
|
||||
(user-group (name "dialout"))
|
||||
(user-group (name "kmem"))
|
||||
(user-group (name "video"))
|
||||
(user-group (name "audio"))
|
||||
(user-group (name "netdev")) ; used in avahi-dbus.conf
|
||||
(user-group (name "lp"))
|
||||
(user-group (name "disk"))
|
||||
(user-group (name "floppy"))
|
||||
(user-group (name "cdrom"))
|
||||
(user-group (name "tape"))))
|
||||
(system-group (name "tty") (id %tty-gid))
|
||||
(system-group (name "dialout"))
|
||||
(system-group (name "kmem"))
|
||||
(system-group (name "video"))
|
||||
(system-group (name "audio"))
|
||||
(system-group (name "netdev")) ; used in avahi-dbus.conf
|
||||
(system-group (name "lp"))
|
||||
(system-group (name "disk"))
|
||||
(system-group (name "floppy"))
|
||||
(system-group (name "cdrom"))
|
||||
(system-group (name "tape")))))
|
||||
|
||||
(define (default-skeletons)
|
||||
"Return the default skeleton files for /etc/skel. These files are copied by
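Review bot: The `system-group` macro in `%base-groups` carries no comment saying why every base group is now a system group, including `users`, which is annotated "normal users". The only effect documented in this commit is a low numerical ID, so a one-line comment above the `let-syntax` would help the next reader, e.g. `;; Every base group is a "system" group so that it gets a low GID.` If including `users` was not intended, that entry should remain a plain `(user-group (name "users"))`.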
|
||||
|
|
|
@ -36,13 +36,14 @@
|
|||
;;;
|
||||
;;; Code:
|
||||
|
||||
(define* (add-group name #:key gid password
|
||||
(define* (add-group name #:key gid password system?
|
||||
(log-port (current-error-port)))
|
||||
"Add NAME as a user group, with the given numeric GID if specified."
|
||||
;; Use 'groupadd' from the Shadow package.
|
||||
(format log-port "adding group '~a'...~%" name)
|
||||
(let ((args `(,@(if gid `("-g" ,(number->string gid)) '())
|
||||
,@(if password `("-p" ,password) '())
|
||||
,@(if system? `("--system") '())
|
||||
,name)))
|
||||
(zero? (apply system* "groupadd" args))))
|
||||
|
||||
|
@ -128,9 +129,11 @@ numeric gid or #f."
|
|||
|
||||
;; Then create the groups.
|
||||
(for-each (match-lambda
|
||||
((name password gid)
|
||||
((name password gid system?)
|
||||
(unless (false-if-exception (getgrnam name))
|
||||
(add-group name #:gid gid #:password password))))
|
||||
(add-group name
|
||||
#:gid gid #:password password
|
||||
#:system? system?))))
|
||||
groups)
|
||||
|
||||
;; Finally create the other user accounts.
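Review bot: The boolean returned by `add-group` is discarded inside the `match-lambda` of the second hunk, so a failing `groupadd` leaves the group absent while activation carries on. Such a failure is more plausible now that `--system` allocation and a fixed `#:gid` can conflict. Checking the result would make it visible, e.g. `(unless (add-group name #:gid gid #:password password #:system? system?) (format (current-error-port) "warning: failed to add group '~a'~%" name))`. The `add-group` docstring should also mention the new keyword, e.g. `If SYSTEM? is true, create NAME as a system group.` The procedure enclosing the second hunk starts and ends outside the visible lines.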
|
||||
|
|