system: Add the 'system?' field for user groups.

Suggested by Mark H. Weaver.

* gnu/system/shadow.scm (<user-group>)[system?]: New field.
  (%base-groups): Introduce 'system-group' macro, and use it.
* gnu/system.scm (user-group->gexp): Pass the 'system?' field.
* guix/build/activation.scm (add-group): Add #:system? and honor it.
  (activate-users+groups): Handle the 'system?' field.
* gnu/system/file-systems.scm (%tty-gid): Choose an ID below 1000.
* doc/guix.texi (User Accounts): Document the 'system?' field.
This commit is contained in:
Ludovic Courtès 2014-07-25 00:12:35 +02:00
parent 931c132a58
commit c8fa34265d
5 changed files with 37 additions and 23 deletions

View File

@ -3201,6 +3201,10 @@ The group's name.
The group identifier (a number). If @code{#f}, a new number is The group identifier (a number). If @code{#f}, a new number is
automatically allocated when the group is created. automatically allocated when the group is created.
@item @code{system?} (default: @code{#f})
This Boolean value indicates whether the group is a ``system'' group.
System groups have low numerical IDs.
@item @code{password} (default: @code{#f}) @item @code{password} (default: @code{#f})
What, user groups can have a password? Well, apparently yes. Unless What, user groups can have a password? Well, apparently yes. Unless
@code{#f}, this field specifies the group's password. @code{#f}, this field specifies the group's password.

View File

@ -363,7 +363,8 @@ alias ll='ls -l'
'active-groups'." 'active-groups'."
#~(list #$(user-group-name group) #~(list #$(user-group-name group)
#$(user-group-password group) #$(user-group-password group)
#$(user-group-id group))) #$(user-group-id group)
#$(user-group-system? group)))
(define (user-account->gexp account) (define (user-account->gexp account)
"Turn ACCOUNT, a <user-account> object, into a list-valued gexp suitable for "Turn ACCOUNT, a <user-account> object, into a list-valued gexp suitable for

View File

@ -95,7 +95,7 @@
(define %tty-gid (define %tty-gid
;; ID of the 'tty' group. Allocate it statically to make it easy to refer ;; ID of the 'tty' group. Allocate it statically to make it easy to refer
;; to it from here and from the 'tty' group definitions. ;; to it from here and from the 'tty' group definitions.
1004) 996)
(define %pseudo-terminal-file-system (define %pseudo-terminal-file-system
;; The pseudo-terminal file system. It needs to be mounted so that ;; The pseudo-terminal file system. It needs to be mounted so that

View File

@ -43,6 +43,7 @@
user-group-name user-group-name
user-group-password user-group-password
user-group-id user-group-id
user-group-system?
default-skeletons default-skeletons
skeleton-directory skeleton-directory
@ -75,28 +76,33 @@
user-group? user-group?
(name user-group-name) (name user-group-name)
(password user-group-password (default #f)) (password user-group-password (default #f))
(id user-group-id (default #f))) (id user-group-id (default #f))
(system? user-group-system? ; Boolean
(default #f)))
(define %base-groups (define %base-groups
;; Default set of groups. ;; Default set of groups.
(list (user-group (name "root") (id 0)) (let-syntax ((system-group (syntax-rules ()
(user-group (name "wheel")) ; root-like users ((_ args ...)
(user-group (name "users")) ; normal users (user-group (system? #t) args ...)))))
(user-group (name "nogroup")) ; for daemons etc. (list (system-group (name "root") (id 0))
(system-group (name "wheel")) ; root-like users
(system-group (name "users")) ; normal users
(system-group (name "nogroup")) ; for daemons etc.
;; The following groups are conventionally used by things like udev to ;; The following groups are conventionally used by things like udev to
;; control access to hardware devices. ;; control access to hardware devices.
(user-group (name "tty") (id %tty-gid)) (system-group (name "tty") (id %tty-gid))
(user-group (name "dialout")) (system-group (name "dialout"))
(user-group (name "kmem")) (system-group (name "kmem"))
(user-group (name "video")) (system-group (name "video"))
(user-group (name "audio")) (system-group (name "audio"))
(user-group (name "netdev")) ; used in avahi-dbus.conf (system-group (name "netdev")) ; used in avahi-dbus.conf
(user-group (name "lp")) (system-group (name "lp"))
(user-group (name "disk")) (system-group (name "disk"))
(user-group (name "floppy")) (system-group (name "floppy"))
(user-group (name "cdrom")) (system-group (name "cdrom"))
(user-group (name "tape")))) (system-group (name "tape")))))
(define (default-skeletons) (define (default-skeletons)
"Return the default skeleton files for /etc/skel. These files are copied by "Return the default skeleton files for /etc/skel. These files are copied by

View File

@ -36,13 +36,14 @@
;;; ;;;
;;; Code: ;;; Code:
(define* (add-group name #:key gid password (define* (add-group name #:key gid password system?
(log-port (current-error-port))) (log-port (current-error-port)))
"Add NAME as a user group, with the given numeric GID if specified." "Add NAME as a user group, with the given numeric GID if specified."
;; Use 'groupadd' from the Shadow package. ;; Use 'groupadd' from the Shadow package.
(format log-port "adding group '~a'...~%" name) (format log-port "adding group '~a'...~%" name)
(let ((args `(,@(if gid `("-g" ,(number->string gid)) '()) (let ((args `(,@(if gid `("-g" ,(number->string gid)) '())
,@(if password `("-p" ,password) '()) ,@(if password `("-p" ,password) '())
,@(if system? `("--system") '())
,name))) ,name)))
(zero? (apply system* "groupadd" args)))) (zero? (apply system* "groupadd" args))))
@ -128,9 +129,11 @@ numeric gid or #f."
;; Then create the groups. ;; Then create the groups.
(for-each (match-lambda (for-each (match-lambda
((name password gid) ((name password gid system?)
(unless (false-if-exception (getgrnam name)) (unless (false-if-exception (getgrnam name))
(add-group name #:gid gid #:password password)))) (add-group name
#:gid gid #:password password
#:system? system?))))
groups) groups)
;; Finally create the other user accounts. ;; Finally create the other user accounts.