activation: Ensure existing user accounts have the right settings.

* gnu/build/activation.scm (modify-user, ensure-user): New procedures.
  (activate-users+groups): Systematically call 'ensure-user'.
This commit is contained in:
Ludovic Courtès 2014-09-22 10:10:08 +02:00
parent 5f36ea03ad
commit e2b464b7f4
1 changed files with 42 additions and 16 deletions

View File

@ -88,6 +88,33 @@ properties. Return #t on success."
,name))) ,name)))
(zero? (apply system* "useradd" args))))) (zero? (apply system* "useradd" args)))))
(define* (modify-user name group
#:key uid comment home shell password system?
(supplementary-groups '())
(log-port (current-error-port)))
"Modify user account NAME to have all the given settings."
;; Use 'usermod' from the Shadow package.
(let ((args `(,@(if uid `("-u" ,(number->string uid)) '())
"-g" ,(if (number? group) (number->string group) group)
,@(if (pair? supplementary-groups)
`("-G" ,(string-join supplementary-groups ","))
'())
,@(if comment `("-c" ,comment) '())
;; Don't use '--move-home', so ignore HOME.
,@(if shell `("-s" ,shell) '())
,name)))
(zero? (apply system* "usermod" args))))
(define* (ensure-user name group
#:key uid comment home shell password system?
(supplementary-groups '())
(log-port (current-error-port))
#:rest rest)
"Make sure user NAME exists and has the relevant settings."
(if (false-if-exception (getpwnam name))
(apply modify-user name group rest)
(apply add-user name group rest)))
(define (activate-users+groups users groups) (define (activate-users+groups users groups)
"Make sure the accounts listed in USERS and the user groups listed in GROUPS "Make sure the accounts listed in USERS and the user groups listed in GROUPS
are all available. are all available.
@ -101,23 +128,22 @@ numeric gid or #f."
(define activate-user (define activate-user
(match-lambda (match-lambda
((name uid group supplementary-groups comment home shell password system?) ((name uid group supplementary-groups comment home shell password system?)
(unless (false-if-exception (getpwnam name)) (let ((profile-dir (string-append "/var/guix/profiles/per-user/"
(let ((profile-dir (string-append "/var/guix/profiles/per-user/" name)))
name))) (ensure-user name group
(add-user name group #:uid uid
#:uid uid #:system? system?
#:system? system? #:supplementary-groups supplementary-groups
#:supplementary-groups supplementary-groups #:comment comment
#:comment comment #:home home
#:home home #:shell shell
#:shell shell #:password password)
#:password password)
(unless system? (unless system?
;; Create the profile directory for the new account. ;; Create the profile directory for the new account.
(let ((pw (getpwnam name))) (let ((pw (getpwnam name)))
(mkdir-p profile-dir) (mkdir-p profile-dir)
(chown profile-dir (passwd:uid pw) (passwd:gid pw))))))))) (chown profile-dir (passwd:uid pw) (passwd:gid pw))))))))
;; 'groupadd' aborts if the file doesn't already exist. ;; 'groupadd' aborts if the file doesn't already exist.
(touch "/etc/group") (touch "/etc/group")