activation: Change permissions on /root to #o700.

Reported by Alex Griffin <a@ajgrf.com>.
Fixes <http://bugs.gnu.org/27135>.

* gnu/build/activation.scm (add-user): When UID is zero, add 'chmod'
call.
* gnu/tests/base.scm (run-basic-test)["permissions on /root"]: New test.
Ludovic Courtès 2017-05-30 17:40:39 +02:00
parent 151cb9738a
commit 41db5a7563
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5
2 changed files with 12 additions and 2 deletions


@ -130,14 +130,15 @@ (define* (add-user name group
;; 'useradd' fails with "Cannot determine your user name" if the root ;; 'useradd' fails with "Cannot determine your user name" if the root
;; account doesn't exist. Thus, for bootstrapping purposes, create that ;; account doesn't exist. Thus, for bootstrapping purposes, create that
;; one manually. ;; one manually.
(begin (let ((home (or home "/root")))
(call-with-output-file "/etc/shadow" (call-with-output-file "/etc/shadow"
(cut format <> "~a::::::::~%" name)) (cut format <> "~a::::::::~%" name))
(call-with-output-file "/etc/passwd" (call-with-output-file "/etc/passwd"
(cut format <> "~a:x:~a:~a:~a:~a:~a~%" (cut format <> "~a:x:~a:~a:~a:~a:~a~%"
name "0" "0" comment home shell)) name "0" "0" comment home shell))
(chmod "/etc/shadow" #o600) (chmod "/etc/shadow" #o600)
(copy-account-skeletons (or home "/root")) (copy-account-skeletons home)
(chmod home #o700)
#t) #t)
;; Use 'useradd' from the Shadow package. ;; Use 'useradd' from the Shadow package.
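Review bot: `(chmod home #o700)` runs only after `copy-account-skeletons` has populated the directory, so between the two calls root's home and the skeleton files exist with whatever mode that helper left (its definition is not in this hunk). Creating or tightening the directory before the skeleton copy would close that gap, provided the helper tolerates an existing directory. The call also applies to whatever `home` was passed for UID 0, not only "/root", so a configuration that points root's home at a shared directory would have that directory set to 700. This deserves a guard or at least a why-comment above the call, such as `;; Root's home must not be readable by other users; see <http://bugs.gnu.org/27135>.` The body of `add-user` starts and ends outside the hunk, so whether this branch also runs for an already existing root account cannot be confirmed from here.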


@ -199,6 +199,15 @@ (define (user-owned? file)
',users+homes)) ',users+homes))
marionette))) marionette)))
(test-equal "permissions on /root"
#o700
(let ((root-home #$(any (lambda (account)
(and (zero? (user-account-uid account))
(user-account-home-directory
account)))
(operating-system-user-accounts os))))
(stat:perms (marionette-eval `(stat ,root-home) marionette))))
(test-equal "no extra home directories" (test-equal "no extra home directories"
'() '()