activation: Ensure existing user accounts have the right settings.
* gnu/build/activation.scm (modify-user, ensure-user): New procedures. (activate-users+groups): Systematically call 'ensure-user'.master
parent
5f36ea03ad
commit
e2b464b7f4
|
@ -88,6 +88,33 @@ properties. Return #t on success."
|
||||||
,name)))
|
,name)))
|
||||||
(zero? (apply system* "useradd" args)))))
|
(zero? (apply system* "useradd" args)))))
|
||||||
|
|
||||||
|
(define* (modify-user name group
|
||||||
|
#:key uid comment home shell password system?
|
||||||
|
(supplementary-groups '())
|
||||||
|
(log-port (current-error-port)))
|
||||||
|
"Modify user account NAME to have all the given settings."
|
||||||
|
;; Use 'usermod' from the Shadow package.
|
||||||
|
(let ((args `(,@(if uid `("-u" ,(number->string uid)) '())
|
||||||
|
"-g" ,(if (number? group) (number->string group) group)
|
||||||
|
,@(if (pair? supplementary-groups)
|
||||||
|
`("-G" ,(string-join supplementary-groups ","))
|
||||||
|
'())
|
||||||
|
,@(if comment `("-c" ,comment) '())
|
||||||
|
;; Don't use '--move-home', so ignore HOME.
|
||||||
|
,@(if shell `("-s" ,shell) '())
|
||||||
|
,name)))
|
||||||
|
(zero? (apply system* "usermod" args))))
|
||||||
|
|
||||||
|
(define* (ensure-user name group
|
||||||
|
#:key uid comment home shell password system?
|
||||||
|
(supplementary-groups '())
|
||||||
|
(log-port (current-error-port))
|
||||||
|
#:rest rest)
|
||||||
|
"Make sure user NAME exists and has the relevant settings."
|
||||||
|
(if (false-if-exception (getpwnam name))
|
||||||
|
(apply modify-user name group rest)
|
||||||
|
(apply add-user name group rest)))
|
||||||
|
|
||||||
(define (activate-users+groups users groups)
|
(define (activate-users+groups users groups)
|
||||||
"Make sure the accounts listed in USERS and the user groups listed in GROUPS
|
"Make sure the accounts listed in USERS and the user groups listed in GROUPS
|
||||||
are all available.
|
are all available.
|
||||||
|
@ -101,23 +128,22 @@ numeric gid or #f."
|
||||||
(define activate-user
|
(define activate-user
|
||||||
(match-lambda
|
(match-lambda
|
||||||
((name uid group supplementary-groups comment home shell password system?)
|
((name uid group supplementary-groups comment home shell password system?)
|
||||||
(unless (false-if-exception (getpwnam name))
|
(let ((profile-dir (string-append "/var/guix/profiles/per-user/"
|
||||||
(let ((profile-dir (string-append "/var/guix/profiles/per-user/"
|
name)))
|
||||||
name)))
|
(ensure-user name group
|
||||||
(add-user name group
|
#:uid uid
|
||||||
#:uid uid
|
#:system? system?
|
||||||
#:system? system?
|
#:supplementary-groups supplementary-groups
|
||||||
#:supplementary-groups supplementary-groups
|
#:comment comment
|
||||||
#:comment comment
|
#:home home
|
||||||
#:home home
|
#:shell shell
|
||||||
#:shell shell
|
#:password password)
|
||||||
#:password password)
|
|
||||||
|
|
||||||
(unless system?
|
(unless system?
|
||||||
;; Create the profile directory for the new account.
|
;; Create the profile directory for the new account.
|
||||||
(let ((pw (getpwnam name)))
|
(let ((pw (getpwnam name)))
|
||||||
(mkdir-p profile-dir)
|
(mkdir-p profile-dir)
|
||||||
(chown profile-dir (passwd:uid pw) (passwd:gid pw)))))))))
|
(chown profile-dir (passwd:uid pw) (passwd:gid pw))))))))
|
||||||
|
|
||||||
;; 'groupadd' aborts if the file doesn't already exist.
|
;; 'groupadd' aborts if the file doesn't already exist.
|
||||||
(touch "/etc/group")
|
(touch "/etc/group")
|
||||||
|
|
Reference in New Issue