https://codeberg.org/guix/guix/issues/3925 raised the inabilityy of the
subordinate IDs service of handling externally managed sub{u,g}id file
entries. This patch relaxes the checks in place for existing ranges,
by allowing subid-range records lower than %subordinate-id-min, leaving
all the space from subid 0 to %subordinate-id-min - 1 to external
users. Generic ranges are still allocated within %subordinate-id-min and
%subordinate-id-max.
* gnu/build/accounts.scm (<unused-id-range>)[min]: Change default value
to 0, allowing subid-ranges with a start lesser than
%subordinate-id-min.
(allocate-generic-range): Allocate generic ranges starting from
%subordinate-id-min, leaving ranges starting before %subordinate-id-min.
(allocate-specific-range): Move bounds check to...
(allocate-subids): ...here. Now bound validation is applied only to user
provided ranges.
* tests/accounts.scm: Test new behavior.
Fixes: guix/guix#3925
Change-Id: Id923b122c97a20f148684f5fb144fd9422810612
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Merges: #4235
This commit adds allocation logic for subid ranges. Subid ranges are
ranges of contiguous subids that are mapped to a user in the host
system. This patch implements a flexible allocation algorithm allowing
users that do not want (or need) to specify details of the subid ranges
that they are requesting to avoid doing so, while upholding requests of
users that need to have specific ranges.
* gnu/build/accounts.scm (%subordinate-id-min): New variable;
(%subordinate-id-max): new variable;
(%subordinate-id-count): new variable;
(subordinate-id?): new variable;
(&subordinate-id-error): new variable;
(&subordinate-id-overflow-error): new variable;
(&illegal-subid-range-error): new variable;
(&specific-subid-range-expected-error): new variable;
(&generic-subid-range-expected-error): new variable;
(within-interval?): new variable;
(allocate-unused-range): new variable;
(allocate-generic-range): new variable;
(allocate-specific-range): new variable;
(reserve-subids): new variable;
(range->entry): new variable;
(entry->range): new variable;
(allocate-subids): new variable;
(subuid+subgid-databases): new variable.
* gnu/system/accounts.scm (subid-range-end): New variable;
(subid-range-has-start?): new variable;
(subid-range-less): new variable.
* test/accounts.scm: Test them.
Change-Id: I8de1fd7cfe508b9c76408064d6f498471da0752d
Co-Authored-By: Ludovic Courtès <ludo@gnu.org>
Signed-off-by: Giacomo Leidi <goodoldpaul@autistici.org>
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This commit adds a new record type, <subid-entry> and serializers
and deserializers for it in (gnu build accounts). Each instance of this
record represents one line in either /etc/subuid or /etc/subgid. Since
Shadow uses the same representation for both files, it should be ok if
we do it as well.
This commit adds also <subid-range>, a user facing representation of
<subid-entry>. It is supposed to be usable directly in OS configurations.
* gnu/build/accounts.scm (subid-entry): New record;
(write-subgid): add serializer for subgids;
(write-subuid): add serializer for subuids;
(read-subgid): add serializer for subgids;
(read-subuid): add serializer for subuids.
* gnu/system/accounts.scm (subid-range): New record.
* test/accounts.scm: Test them.
Change-Id: I6b037e40e354c069bf556412bb5b626bd3ea1b2c
Signed-off-by: Giacomo Leidi <goodoldpaul@autistici.org>
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Fixes <https://issues.guix.gnu.org/52539>.
Reported by Jacob First <jacob.first@member.fsf.org>.
* gnu/build/accounts.scm (allocate-passwd): Add comment as to why
'real-name' is taken from PREVIOUS. Add (not system?) to the
condition.
* gnu/system.scm (operating-system-etc-service) <login.defs>: Add
"CHFN_RESTRICT".
* gnu/system.scm (%setuid-programs): Add "chfn".
* gnu/system/pam.scm (base-pam-services): Add "chfn".
* doc/guix.texi (User Accounts): Document it.
When adding multiple instances of a service requiring some user
account/group, we could end up with multiple entries for that account or
group in /etc/passwd or /etc/group.
* gnu/build/accounts.scm (database-writer)[write-entries]: Add call to
'delete-duplicates'.
* tests/accounts.scm ("write-passwd with duplicate entry"): New test.
Suggested by Florian Pelz <pelzflorian@pelzflorian.de>
in <http://bugs.gnu.org/35996>.
* gnu/build/accounts.scm (%password-lock-file): New variable.
* gnu/build/activation.scm (activate-users+groups): Wrap calls to
'user+group-databases', 'write-group', etc. into 'with-file-lock'.
Starting from commit 0ae735bcc8, Guix
System would preserve the user shell across reconfigure and reboot.
This was done so as to allow for the use of 'chsh'.
This proved to be a misguided decision. This commit goes back to
considering user shells as config and not "state."
* gnu/build/accounts.scm (allocate-passwd): Do not use shell from
PREVIOUS.
