From c8fa34265d6612c99fe80adfaa66edaddd4d5b0c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Fri, 25 Jul 2014 00:12:35 +0200 Subject: [PATCH] system: Add the 'system?' field for user groups. Suggested by Mark H. Weaver. * gnu/system/shadow.scm ()[system?]: New field. (%base-groups): Introduce 'system-group' macro, and use it. * gnu/system.scm (user-group->gexp): Pass the 'system?' field. * guix/build/activation.scm (add-group): Add #:system? and honor it. (activate-users+groups): Handle the 'system?' field. * gnu/system/file-systems.scm (%tty-gid): Choose an ID below 1000. * doc/guix.texi (User Accounts): Document the 'system?' field. --- doc/guix.texi | 4 ++++ gnu/system.scm | 3 ++- gnu/system/file-systems.scm | 2 +- gnu/system/shadow.scm | 42 +++++++++++++++++++++---------------- guix/build/activation.scm | 9 +++++--- 5 files changed, 37 insertions(+), 23 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 2060da9c55..cef2aba9a8 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -3201,6 +3201,10 @@ The group's name. The group identifier (a number). If @code{#f}, a new number is automatically allocated when the group is created. +@item @code{system?} (default: @code{#f}) +This Boolean value indicates whether the group is a ``system'' group. +System groups have low numerical IDs. + @item @code{password} (default: @code{#f}) What, user groups can have a password? Well, apparently yes. Unless @code{#f}, this field specifies the group's password. diff --git a/gnu/system.scm b/gnu/system.scm index 4648d810a3..68f9438693 100644 --- a/gnu/system.scm +++ b/gnu/system.scm @@ -363,7 +363,8 @@ (define (user-group->gexp group) 'active-groups'." #~(list #$(user-group-name group) #$(user-group-password group) - #$(user-group-id group))) + #$(user-group-id group) + #$(user-group-system? group))) (define (user-account->gexp account) "Turn ACCOUNT, a object, into a list-valued gexp suitable for diff --git a/gnu/system/file-systems.scm b/gnu/system/file-systems.scm index 3b13d820cf..48c4fc7e77 100644 --- a/gnu/system/file-systems.scm +++ b/gnu/system/file-systems.scm @@ -95,7 +95,7 @@ (define %devtmpfs-file-system (define %tty-gid ;; ID of the 'tty' group. Allocate it statically to make it easy to refer ;; to it from here and from the 'tty' group definitions. - 1004) + 996) (define %pseudo-terminal-file-system ;; The pseudo-terminal file system. It needs to be mounted so that diff --git a/gnu/system/shadow.scm b/gnu/system/shadow.scm index e29dbb8c3e..5d638398d1 100644 --- a/gnu/system/shadow.scm +++ b/gnu/system/shadow.scm @@ -43,6 +43,7 @@ (define-module (gnu system shadow) user-group-name user-group-password user-group-id + user-group-system? default-skeletons skeleton-directory @@ -75,28 +76,33 @@ (define-record-type* user-group? (name user-group-name) (password user-group-password (default #f)) - (id user-group-id (default #f))) + (id user-group-id (default #f)) + (system? user-group-system? ; Boolean + (default #f))) (define %base-groups ;; Default set of groups. - (list (user-group (name "root") (id 0)) - (user-group (name "wheel")) ; root-like users - (user-group (name "users")) ; normal users - (user-group (name "nogroup")) ; for daemons etc. + (let-syntax ((system-group (syntax-rules () + ((_ args ...) + (user-group (system? #t) args ...))))) + (list (system-group (name "root") (id 0)) + (system-group (name "wheel")) ; root-like users + (system-group (name "users")) ; normal users + (system-group (name "nogroup")) ; for daemons etc. - ;; The following groups are conventionally used by things like udev to - ;; control access to hardware devices. - (user-group (name "tty") (id %tty-gid)) - (user-group (name "dialout")) - (user-group (name "kmem")) - (user-group (name "video")) - (user-group (name "audio")) - (user-group (name "netdev")) ; used in avahi-dbus.conf - (user-group (name "lp")) - (user-group (name "disk")) - (user-group (name "floppy")) - (user-group (name "cdrom")) - (user-group (name "tape")))) + ;; The following groups are conventionally used by things like udev to + ;; control access to hardware devices. + (system-group (name "tty") (id %tty-gid)) + (system-group (name "dialout")) + (system-group (name "kmem")) + (system-group (name "video")) + (system-group (name "audio")) + (system-group (name "netdev")) ; used in avahi-dbus.conf + (system-group (name "lp")) + (system-group (name "disk")) + (system-group (name "floppy")) + (system-group (name "cdrom")) + (system-group (name "tape"))))) (define (default-skeletons) "Return the default skeleton files for /etc/skel. These files are copied by diff --git a/guix/build/activation.scm b/guix/build/activation.scm index 9464d2157d..b04b017881 100644 --- a/guix/build/activation.scm +++ b/guix/build/activation.scm @@ -36,13 +36,14 @@ (define-module (guix build activation) ;;; ;;; Code: -(define* (add-group name #:key gid password +(define* (add-group name #:key gid password system? (log-port (current-error-port))) "Add NAME as a user group, with the given numeric GID if specified." ;; Use 'groupadd' from the Shadow package. (format log-port "adding group '~a'...~%" name) (let ((args `(,@(if gid `("-g" ,(number->string gid)) '()) ,@(if password `("-p" ,password) '()) + ,@(if system? `("--system") '()) ,name))) (zero? (apply system* "groupadd" args)))) @@ -128,9 +129,11 @@ (define activate-user ;; Then create the groups. (for-each (match-lambda - ((name password gid) + ((name password gid system?) (unless (false-if-exception (getgrnam name)) - (add-group name #:gid gid #:password password)))) + (add-group name + #:gid gid #:password password + #:system? system?)))) groups) ;; Finally create the other user accounts.