author | Ludovic Courtès <ludo@gnu.org> | 2017-05-30 17:40:39 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2017-05-30 18:08:37 +0200 |
commit | 41db5a756369f5b14d1e67a523ee0940cad56744 (patch) | |
tree | 4f0aea430e3ebd080ec68357d1f43b6490163643 /gnu/build | |
parent | 151cb9738a1903670acfee8cc28b5a2e441172ce (diff) | |

activation: Change permissions on /root to #o700.

Reported by Alex Griffin <a@ajgrf.com>.
Fixes <http://bugs.gnu.org/27135>.

* gnu/build/activation.scm (add-user): When UID is zero, add 'chmod'
call.
* gnu/tests/base.scm (run-basic-test)["permissions on /root"]: New test.

Diffstat (limited to 'gnu/build')
-rw-r--r-- | gnu/build/activation.scm | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm index a1d2a9cc7d..299c0728cb 100644 --- a/gnu/build/activation.scm +++ b/gnu/build/activation.scm @@ -130,14 +130,15 @@ properties. Return #t on success." ;; 'useradd' fails with "Cannot determine your user name" if the root ;; account doesn't exist. Thus, for bootstrapping purposes, create that ;; one manually. - (begin + (let ((home (or home "/root"))) (call-with-output-file "/etc/shadow" (cut format <> "~a::::::::~%" name)) (call-with-output-file "/etc/passwd" (cut format <> "~a:x:~a:~a:~a:~a:~a~%" name "0" "0" comment home shell)) (chmod "/etc/shadow" #o600) - (copy-account-skeletons (or home "/root")) + (copy-account-skeletons home) + (chmod home #o700) #t) ;; Use 'useradd' from the Shadow package. |
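
Review bot: in the new `let` body, `(chmod home #o700)` runs only after `(copy-account-skeletons home)`, so the skeleton files are placed in root's home while the directory still has whatever mode it was created with, and the restriction arrives last. Consider having the directory created with mode #o700 before it is populated, so there is no interval in which its contents are reachable under the looser mode. A second point for the log: the `let` now shadows `home`, so the `/etc/passwd` format line also receives the "/root" default, where before it was passed the raw `home` value and only `copy-account-skeletons` got the fallback. That is a behaviour change beyond the 'chmod' call the commit message describes and deserves a mention there. The diffstat shown is limited to gnu/build, so the "permissions on /root" test named in the message cannot be checked against this hunk.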