mirror of https://git.savannah.gnu.org/git/guix.git synced 2026-05-27 19:41:50 +02:00

activation: Shared system home directories are now 555 and root-owned.

Fixes <https://bugs.gnu.org/34788>.
Reported by Jack Hill <jackhill@jackhill.us>.

Regression introduced by the combination of
8bb76f3d44 and
0ae735bcc8: /var/empty would be 700 and
owned by one of the system accounts (thus inaccessible to others), and
/var/run/dbus would be 700 as well, thereby preventing D-Bus clients
from connecting to the daemon.

* gnu/build/activation.scm (duplicates): New procedure.
(activate-users+groups)[system-accounts]: New variable.
Use it.  Make shared system account home directories #o555 and
root-owned.
* gnu/services/dbus.scm (dbus-activation): Make /var/run/dbus #o755.
* gnu/tests/base.scm (run-basic-test): Test the ownership and
permissions of /var/empty.
Ludovic Courtès
2019-03-08 22:48:04 +01:00
parent 74c2339fff
commit d429878daf
3 changed files with 46 additions and 7 deletions
+6 -2
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2019 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
;;;
;;; This file is part of GNU Guix.
@@ -150,7 +150,11 @@ includes the @code{etc/dbus-1/system.d} directories of each package listed in
(let ((user (getpwnam "messagebus")))
(chown "/var/run/dbus"
(passwd:uid user) (passwd:gid user)))
(passwd:uid user) (passwd:gid user))
;; This directory contains the daemon's socket so it must be
;; world-readable.
(chmod "/var/run/dbus" #o755))
(unless (file-exists? "/etc/machine-id")
(format #t "creating /etc/machine-id...~%")
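Review bot: the comment added above the chmod call says /var/run/dbus must be "world-readable", but what clients need in order to connect to the daemon's socket is search (execute) permission on the directory; read permission only lets them list it. #o755 grants both, so the mode itself is fine, but the comment would be more accurate as "world-searchable" or "accessible to all users". Since the chown just above leaves the directory owned by messagebus, it would also help to state in the comment that write access stays limited to that owner, which is the property that keeps other accounts from creating or replacing entries next to the socket.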