activation: Change permissions on /root to #o700.

Reported by Alex Griffin <a@ajgrf.com>. Fixes <http://bugs.gnu.org/27135>. * gnu/build/activation.scm (add-user): When UID is zero, add 'chmod' call. * gnu/tests/base.scm (run-basic-test)["permissions on /root"]: New test.
2017-05-30 17:40:39 +02:00 · 2017-05-30 17:40:39 +02:00 · 41db5a7563
parent 151cb9738a
commit 41db5a7563
2 changed files with 12 additions and 2 deletions
--- a/gnu/build/activation.scm
+++ b/gnu/build/activation.scm
@ -130,14 +130,15 @@ properties.  Return #t on success."
      ;; 'useradd' fails with "Cannot determine your user name" if the root
      ;; account doesn't exist.  Thus, for bootstrapping purposes, create that
      ;; one manually.
-      (begin
+      (let ((home (or home "/root")))
        (call-with-output-file "/etc/shadow"
          (cut format <> "~a::::::::~%" name))
        (call-with-output-file "/etc/passwd"
          (cut format <> "~a:x:~a:~a:~a:~a:~a~%"
               name "0" "0" comment home shell))
        (chmod "/etc/shadow" #o600)
-        (copy-account-skeletons (or home "/root"))
+        (copy-account-skeletons home)
+        (chmod home #o700)
        #t)

      ;; Use 'useradd' from the Shadow package.
--- a/gnu/tests/base.scm
+++ b/gnu/tests/base.scm
@ -199,6 +199,15 @@ info --version")
                         ',users+homes))
               marionette)))

+          (test-equal "permissions on /root"
+            #o700
+            (let ((root-home #$(any (lambda (account)
+                                      (and (zero? (user-account-uid account))
+                                           (user-account-home-directory
+                                            account)))
+                                    (operating-system-user-accounts os))))
+              (stat:perms (marionette-eval `(stat ,root-home) marionette))))
+
          (test-equal "no extra home directories"
            '()