aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2014-07-11 14:02:44 +0200
committerLudovic Courtès <ludo@gnu.org>2014-07-11 23:20:48 +0200
commitda417ffe3b3e06f1e1d8b0217b4b780026d7e3b9 (patch)
treee7c8360d74dbbb559c81641c2915c071cbc38319
parentf1096964735512beacde6ff178a6ada1a14b91d3 (diff)
downloadgnu-guix-da417ffe3b3e06f1e1d8b0217b4b780026d7e3b9.tar
gnu-guix-da417ffe3b3e06f1e1d8b0217b4b780026d7e3b9.tar.gz
system: Allow root to use 'groupadd' & co. without authenticating.
This fixes a bug whereby, if #:allow-root-passwords was #f, 'groupadd' would ask for a password. This is particularly problematic during activation. * gnu/system/linux.scm (rootok-pam-service): New procedure. (base-pam-services): Use it for all the user* and group* commands.
-rw-r--r--gnu/system/linux.scm37
1 files changed, 29 insertions, 8 deletions
diff --git a/gnu/system/linux.scm b/gnu/system/linux.scm
index 5440f5852f..524ad01261 100644
--- a/gnu/system/linux.scm
+++ b/gnu/system/linux.scm
@@ -152,15 +152,36 @@ should be the name of a file used as the message-of-the-day."
(list #~(string-append "motd=" #$motd)))))
(list unix))))))))
+(define (rootok-pam-service command)
+ "Return a PAM service for COMMAND such that 'root' does not need to
+authenticate to run COMMAND."
+ (let ((unix (pam-entry
+ (control "required")
+ (module "pam_unix.so"))))
+ (pam-service
+ (name command)
+ (account (list unix))
+ (auth (list (pam-entry
+ (control "sufficient")
+ (module "pam_rootok.so"))))
+ (password (list unix))
+ (session (list unix)))))
+
(define* (base-pam-services #:key allow-empty-passwords?)
"Return the list of basic PAM services everyone would want."
- (cons %pam-other-services
- (map (cut unix-pam-service <>
- #:allow-empty-passwords? allow-empty-passwords?)
- '("su" "passwd" "sudo"
- "useradd" "userdel" "usermod"
- "groupadd" "groupdel" "groupmod"
- ;; TODO: Add other Shadow programs?
- ))))
+ ;; TODO: Add other Shadow programs?
+ (append (list %pam-other-services)
+
+ ;; These programs are setuid-root.
+ (map (cut unix-pam-service <>
+ #:allow-empty-passwords? allow-empty-passwords?)
+ '("su" "passwd" "sudo"))
+
+ ;; These programs are not setuid-root, and we want root to be able
+ ;; to run them without having to authenticate (notably because
+ ;; 'useradd' and 'groupadd' are run during system activation.)
+ (map rootok-pam-service
+ '("useradd" "userdel" "usermod"
+ "groupadd" "groupdel" "groupmod"))))
;;; linux.scm ends here