system: 'sudoers' is now a file-like object.
Partly fixes <http://bugs.gnu.org/20720> Reported by Alex Kost <alezost@gmail.com>. * gnu/system.scm (etc-directory): Change default #:sudoers value to a 'plain-file'. Don't bind it. Remove #~#$. (maybe-string->file): New procedure. (operating-system-etc-directory): Use it. (%sudoers-specification): Use 'plain-file'. * doc/guix.texi (operating-system Reference): Adjust accordingly.
This commit is contained in:
parent
343eacbec9
commit
847658395e
@ -4556,7 +4556,8 @@ List of string-valued G-expressions denoting setuid programs.
|
|||||||
|
|
||||||
@item @code{sudoers} (default: @var{%sudoers-specification})
|
@item @code{sudoers} (default: @var{%sudoers-specification})
|
||||||
@cindex sudoers
|
@cindex sudoers
|
||||||
The contents of the @file{/etc/sudoers} file as a string.
|
The contents of the @file{/etc/sudoers} file as a file-like object
|
||||||
|
(@pxref{G-Expressions, @code{local-file} and @code{plain-file}}).
|
||||||
|
|
||||||
This file specifies which users can use the @command{sudo} command, what
|
This file specifies which users can use the @command{sudo} command, what
|
||||||
they are allowed to do, and what privileges they may gain. The default
|
they are allowed to do, and what privileges they may gain. The default
|
||||||
|
@ -25,6 +25,7 @@
|
|||||||
#:use-module (guix packages)
|
#:use-module (guix packages)
|
||||||
#:use-module (guix derivations)
|
#:use-module (guix derivations)
|
||||||
#:use-module (guix profiles)
|
#:use-module (guix profiles)
|
||||||
|
#:use-module (guix ui)
|
||||||
#:use-module (gnu packages base)
|
#:use-module (gnu packages base)
|
||||||
#:use-module (gnu packages bash)
|
#:use-module (gnu packages bash)
|
||||||
#:use-module (gnu packages guile)
|
#:use-module (gnu packages guile)
|
||||||
@ -147,7 +148,7 @@
|
|||||||
(setuid-programs operating-system-setuid-programs
|
(setuid-programs operating-system-setuid-programs
|
||||||
(default %setuid-programs)) ; list of string-valued gexps
|
(default %setuid-programs)) ; list of string-valued gexps
|
||||||
|
|
||||||
(sudoers operating-system-sudoers ; /etc/sudoers contents
|
(sudoers operating-system-sudoers ; file-like
|
||||||
(default %sudoers-specification)))
|
(default %sudoers-specification)))
|
||||||
|
|
||||||
|
|
||||||
@ -439,11 +440,10 @@ on SHELLS. /etc/shells is used by xterm, polkit, and other programs."
|
|||||||
(pam-services '())
|
(pam-services '())
|
||||||
(profile "/run/current-system/profile")
|
(profile "/run/current-system/profile")
|
||||||
hosts-file nss (shells '())
|
hosts-file nss (shells '())
|
||||||
(sudoers ""))
|
(sudoers (plain-file "sudoers" "")))
|
||||||
"Return a derivation that builds the static part of the /etc directory."
|
"Return a derivation that builds the static part of the /etc directory."
|
||||||
(mlet* %store-monad
|
(mlet* %store-monad
|
||||||
((pam.d (pam-services->directory pam-services))
|
((pam.d (pam-services->directory pam-services))
|
||||||
(sudoers (text-file "sudoers" sudoers))
|
|
||||||
(login.defs (text-file "login.defs" "# Empty for now.\n"))
|
(login.defs (text-file "login.defs" "# Empty for now.\n"))
|
||||||
(shells (shells-file shells))
|
(shells (shells-file shells))
|
||||||
(emacs (emacs-site-directory))
|
(emacs (emacs-site-directory))
|
||||||
@ -540,7 +540,7 @@ fi\n"))
|
|||||||
("hosts" ,#~#$hosts-file)
|
("hosts" ,#~#$hosts-file)
|
||||||
("localtime" ,#~(string-append #$tzdata "/share/zoneinfo/"
|
("localtime" ,#~(string-append #$tzdata "/share/zoneinfo/"
|
||||||
#$timezone))
|
#$timezone))
|
||||||
("sudoers" ,#~#$sudoers)))))
|
("sudoers" ,sudoers)))))
|
||||||
|
|
||||||
(define (operating-system-profile os)
|
(define (operating-system-profile os)
|
||||||
"Return a derivation that builds the system profile of OS."
|
"Return a derivation that builds the system profile of OS."
|
||||||
@ -570,6 +570,21 @@ fi\n"))
|
|||||||
(return (append users
|
(return (append users
|
||||||
(append-map service-user-accounts services)))))
|
(append-map service-user-accounts services)))))
|
||||||
|
|
||||||
|
(define (maybe-string->file file-name thing)
|
||||||
|
"If THING is a string, return a <plain-file> with THING as its content.
|
||||||
|
Otherwise just return THING.
|
||||||
|
|
||||||
|
This is for backward-compatibility of fields that used to be strings and are
|
||||||
|
now file-like objects.."
|
||||||
|
(match thing
|
||||||
|
((? string?)
|
||||||
|
(warning (_ "using a string for file '~a' is deprecated; \
|
||||||
|
use 'plain-file' instead~%")
|
||||||
|
file-name)
|
||||||
|
(plain-file file-name thing))
|
||||||
|
(x
|
||||||
|
x)))
|
||||||
|
|
||||||
(define (operating-system-etc-directory os)
|
(define (operating-system-etc-directory os)
|
||||||
"Return that static part of the /etc directory of OS."
|
"Return that static part of the /etc directory of OS."
|
||||||
(mlet* %store-monad
|
(mlet* %store-monad
|
||||||
@ -591,7 +606,9 @@ fi\n"))
|
|||||||
#:timezone (operating-system-timezone os)
|
#:timezone (operating-system-timezone os)
|
||||||
#:hosts-file /etc/hosts
|
#:hosts-file /etc/hosts
|
||||||
#:shells shells
|
#:shells shells
|
||||||
#:sudoers (operating-system-sudoers os)
|
#:sudoers (maybe-string->file
|
||||||
|
"sudoers"
|
||||||
|
(operating-system-sudoers os))
|
||||||
#:profile profile-drv)))
|
#:profile profile-drv)))
|
||||||
|
|
||||||
(define %setuid-programs
|
(define %setuid-programs
|
||||||
@ -608,8 +625,9 @@ fi\n"))
|
|||||||
;; group can do anything. See
|
;; group can do anything. See
|
||||||
;; <http://www.sudo.ws/sudo/man/1.8.10/sudoers.man.html>.
|
;; <http://www.sudo.ws/sudo/man/1.8.10/sudoers.man.html>.
|
||||||
;; TODO: Add a declarative API.
|
;; TODO: Add a declarative API.
|
||||||
"root ALL=(ALL) ALL
|
(plain-file "sudoers" "\
|
||||||
%wheel ALL=(ALL) ALL\n")
|
root ALL=(ALL) ALL
|
||||||
|
%wheel ALL=(ALL) ALL\n"))
|
||||||
|
|
||||||
(define (user-group->gexp group)
|
(define (user-group->gexp group)
|
||||||
"Turn GROUP, a <user-group> object, into a list-valued gexp suitable for
|
"Turn GROUP, a <user-group> object, into a list-valued gexp suitable for
|
||||||
|
Loading…
Reference in New Issue
Block a user