author | Ludovic Courtès <ludo@gnu.org> | 2015-04-08 21:23:45 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2015-04-08 21:41:04 +0200 |
commit | 9bea87a542d52bcaedfb4febb01bbe94b69934cf (patch) | |
tree | b2ae82d333192193753367399f442c69c2cc40cb /doc | |
parent | a231ef7eec3246ed9e0ed3ec99eba4be334f635a (diff) | |
activation: Remove undeclared user accounts and groups.

Fixes <http://bugs.gnu.org/19795>.
Reported by David Thompson <dthompson2@worcester.edu>.

* gnu/build/activation.scm (enumerate, current-users, current-groups,
delete-user, delete-group): New procedures.
(activate-users+groups): Add calls to 'delete-user' and
'delete-group'.
* doc/guix.texi (User Accounts): Add a paragraph about statelessness.
Explain that passwords are preserved.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/guix.texi | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index 70604b7603..c0af4cb722 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -4238,7 +4238,9 @@ command, from the same-named package. This relies on the @node User Accounts @subsection User Accounts -User accounts are specified with the @code{user-account} form: +User accounts and groups are entirely managed through the +@code{operating-system} declaration. They are specified with the +@code{user-account} and @code{user-group} forms: @example (user-account @@ -4252,6 +4254,14 @@ User accounts are specified with the @code{user-account} form: (home-directory "/home/alice")) @end example +When booting or upon completion of @command{guix system reconfigure}, +the system ensures that only the user accounts and groups specified in +the @code{operating-system} declaration exist, and with the specified +properties. Thus, account or group creations or modifications made by +directly invoking commands such as @command{useradd} are lost upon +reconfiguration or reboot. This ensures that the system remains exactly +as declared. + @deftp {Data Type} user-account Objects of this type represent user accounts. The following members may be specified: @@ -4291,7 +4301,9 @@ graphical login managers do not list them. @item @code{password} (default: @code{#f}) You would normally leave this field to @code{#f}, initialize user passwords as @code{root} with the @command{passwd} command, and then let -users change it with @command{passwd}. +users change it with @command{passwd}. Passwords set with +@command{passwd} are of course preserved across reboot and +reconfiguration. If you @emph{do} want to have a preset password for an account, then this field must contain the encrypted password, as a string. |
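
Review bot: In the first hunk (@@ -4238,7 +4238,9), the new introduction names both the @code{user-account} and @code{user-group} forms, but the @example that directly follows still shows only a (user-account ...) form. Either add a short user-group form to the example or point the reader to where user-group is documented, so the sentence and the example agree.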
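
Review bot: The paragraph added after @end example in the second hunk (@@ -4252,6 +4254,14) says that changes made with @command{useradd} "are lost" but never states outright that an account or group no longer present in the declaration is deleted, which is what the commit message describes. It also does not say what happens to a removed account's home directory and files. An administrator who drops a user from the declaration to revoke access needs both points; suggest stating explicitly that undeclared accounts and groups are removed at boot or reconfigure, and whether their home directories are kept.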
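
Review bot: In the third hunk (@@ -4291,7 +4301,9), under @item @code{password}, the wording "of course" in "Passwords set with @command{passwd} are of course preserved" does not follow from the paragraph this same patch adds earlier, which says modifications made by directly invoking commands such as @command{useradd} are lost upon reconfiguration or reboot. A password set with @command{passwd} is exactly that kind of out-of-band change, so the reader needs to be told it is an exception. Suggest dropping "of course", stating the exception plainly, and mentioning it in the statelessness paragraph as well, next to "with the specified properties".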