services: Explicitly refer to Shadow when requiring the 'nologin' shell.
* gnu/services/avahi.scm (avahi-service): Change 'shell' to a gexp referring to "nologin" in the SHADOW package. * gnu/services/dbus.scm (dbus-service): Likewise. * gnu/services/networking.scm (ntp-service, tor-service): Likewise.
This commit is contained in:
Ludovic Courtès
parent
8e974b9b98
commit
5e25ebe2fa
|
|
@ -20,6 +20,7 @@
|
||||||
#:use-module (gnu services)
|
#:use-module (gnu services)
|
||||||
#:use-module (gnu system shadow)
|
#:use-module (gnu system shadow)
|
||||||
#:use-module (gnu packages avahi)
|
#:use-module (gnu packages avahi)
|
||||||
|
#:use-module (gnu packages admin)
|
||||||
#:use-module (guix monads)
|
#:use-module (guix monads)
|
||||||
#:use-module (guix store)
|
#:use-module (guix store)
|
||||||
#:use-module (guix gexp)
|
#:use-module (guix gexp)
|
||||||
|
|
@ -106,6 +107,6 @@ sockets."
|
||||||
(comment "Avahi daemon user")
|
(comment "Avahi daemon user")
|
||||||
(home-directory "/var/empty")
|
(home-directory "/var/empty")
|
||||||
(shell
|
(shell
|
||||||
"/run/current-system/profile/sbin/nologin"))))))))
|
#~(string-append #$shadow "/sbin/nologin")))))))))
|
||||||
|
|
||||||
;;; avahi.scm ends here
|
;;; avahi.scm ends here
|
||||||
|
|
|
||||||
|
|
@ -20,6 +20,7 @@
|
||||||
#:use-module (gnu services)
|
#:use-module (gnu services)
|
||||||
#:use-module (gnu system shadow)
|
#:use-module (gnu system shadow)
|
||||||
#:use-module (gnu packages glib)
|
#:use-module (gnu packages glib)
|
||||||
|
#:use-module (gnu packages admin)
|
||||||
#:use-module (guix monads)
|
#:use-module (guix monads)
|
||||||
#:use-module (guix store)
|
#:use-module (guix store)
|
||||||
#:use-module (guix gexp)
|
#:use-module (guix gexp)
|
||||||
|
|
@ -99,7 +100,7 @@ and policy files. For example, to allow avahi-daemon to use the system bus,
|
||||||
(comment "D-Bus system bus user")
|
(comment "D-Bus system bus user")
|
||||||
(home-directory "/var/run/dbus")
|
(home-directory "/var/run/dbus")
|
||||||
(shell
|
(shell
|
||||||
"/run/current-system/profile/sbin/nologin"))))
|
#~(string-append #$shadow "/sbin/nologin")))))
|
||||||
(activate #~(begin
|
(activate #~(begin
|
||||||
(use-modules (guix build utils))
|
(use-modules (guix build utils))
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -227,7 +227,7 @@ restrict -6 ::1\n"))
|
||||||
(comment "NTP daemon user")
|
(comment "NTP daemon user")
|
||||||
(home-directory "/var/empty")
|
(home-directory "/var/empty")
|
||||||
(shell
|
(shell
|
||||||
"/run/current-system/profile/sbin/nologin"))))))))
|
#~(string-append #$shadow "/sbin/nologin")))))))))
|
||||||
|
|
||||||
(define* (tor-service #:key (tor tor))
|
(define* (tor-service #:key (tor tor))
|
||||||
"Return a service to run the @uref{https://torproject.org,Tor} daemon.
|
"Return a service to run the @uref{https://torproject.org,Tor} daemon.
|
||||||
|
|
@ -257,7 +257,7 @@ policy) as the @code{tor} unprivileged user."
|
||||||
(comment "Tor daemon user")
|
(comment "Tor daemon user")
|
||||||
(home-directory "/var/empty")
|
(home-directory "/var/empty")
|
||||||
(shell
|
(shell
|
||||||
"/run/current-system/profile/sbin/nologin"))))
|
#~(string-append #$shadow "/sbin/nologin")))))
|
||||||
|
|
||||||
(documentation "Run the Tor anonymous network overlay.")))))
|
(documentation "Run the Tor anonymous network overlay.")))))
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue