* gnu/packages/patches/linux-pam-unix_chkpwd.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/linux.scm (linux-pam): Use it.
* gnu/system/pam.scm (pam-root-service-type): Add unix_chkpwd to setuid.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
Fixes <https://issues.guix.gnu.org/52539>.
Reported by Jacob First <jacob.first@member.fsf.org>.
* gnu/build/accounts.scm (allocate-passwd): Add comment as to why
'real-name' is taken from PREVIOUS. Add (not system?) to the
condition.
* gnu/system.scm (operating-system-etc-service) <login.defs>: Add
"CHFN_RESTRICT".
* gnu/system.scm (%setuid-programs): Add "chfn".
* gnu/system/pam.scm (base-pam-services): Add "chfn".
* doc/guix.texi (User Accounts): Document it.
* gnu/system/pam.scm (unix-pam-service): Add account and session PAM entries
for pam-gnupg. Don't pass "#f" to "allow-root?" argument, because "lambda*"
already does this by default.
* doc/guix.texi (X Window): Document this.
* gnu/services/xorg.scm (<slim-configuration>)[gnupg?]: New record field.
(slim-pam-service): Pass "#:gnupg?" argument to "unix-pam-service".
* gnu/services/dbus.scm (polkit-service-type)[description]: New field.
* gnu/services/dict.scm (dicod-service-type)[description]: New field.
* gnu/services/dns.scm (knot-service-type)[description]: New field.
* gnu/services/networking.scm (dhcpd-service-type)[description]: New field.
* gnu/services/shepherd.scm (shepherd-root-service-type)[description]:
New field.
* gnu/services/xorg.scm (slim-service-type)[description]: New field.
(screen-locker-service-type)[description]: New field.
* gnu/system/pam.scm (pam-root-service-type)[description]: New field.
* gnu/system/shadow.scm (account-service-type)[description]: New field.
* gnu/system/pam.scm (unix-pam-service): Add #:login-uid? parameter. In
then 'session' field, add "pam_loginuid.so" as required when LOGIN-UID?
is true.
* gnu/system/pam.scm (unix-pam-service): Add pam-entry for "pam_rootok.so" to
auth field when ALLOW-ROOT? is #T.
(base-pam-services): Allow root to run "su" without authentication.
* gnu/system/pam.scm (<pam-limits-entry>): New record type.
(pam-limits-entry, pam-limits-entry->string): New procedures.
* gnu/services/base.scm (pam-limits-service-type): New variable.
(pam-limits-service): New procedure.
* doc/guix.texi (Base Services): Document it.
* gnu/system/pam.scm (<pam-configuration>): New record type.
(/etc-entry): Change 'services' parameter' to 'config'. Honor the
'transform' field of CONFIG.
(extend-configuration): New procedure.
(pam-root-service-type): Use EXTEND-CONFIGURATION as the 'extend'
field.
(pam-root-service): Add #:transform parameter. Service value is a
<pam-configuration>.