01/03: system: hurd: Add PAM support with shadow and sudo.

guix-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

01/03: system: hurd: Add PAM support with shadow and sudo.

From:	guix-commits
Subject:	01/03: system: hurd: Add PAM support with shadow and sudo.
Date:	Fri, 9 Oct 2020 17:26:28 -0400 (EDT)

janneke pushed a commit to branch master
in repository guix.

commit 16f8ea064cde3ee4ef36212cdbdef90e98ba6914
Author: Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
AuthorDate: Fri Oct 9 22:55:46 2020 +0200

    system: hurd: Add PAM support with shadow and sudo.
    
    * gnu/system.scm (hurd-default-essential-services): Add
    setuid-program-service-type.
    * gnu/system/hurd.scm (%base-packages/hurd): Add shadow, sudo.
    (%setuid-programs/hurd): New variable.
    (%hurd-default-operating-system)[setuid-program]: Use it.
    [pam-services, sudoers-file]: Remove overrides; enabling regular defaults.
    * gnu/system/examples/bare-hurd.tmpl (%hurd-os)[users]: New field.
    [services]: Do not disable PAM in SSH.
---
 gnu/system.scm                     |  2 ++
 gnu/system/examples/bare-hurd.tmpl |  9 +++++++--
 gnu/system/hurd.scm                | 20 +++++++++++++++-----
 3 files changed, 24 insertions(+), 7 deletions(-)

diff --git a/gnu/system.scm b/gnu/system.scm
index 3f4a006..ab1b0ff 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -634,6 +634,8 @@ bookkeeping."
                            (operating-system-file-systems os)))
           (pam-root-service (operating-system-pam-services os))
           (operating-system-etc-service os)
+          (service setuid-program-service-type
+                   (operating-system-setuid-programs os))
           (service profile-service-type (operating-system-packages os)))))
 
 (define* (operating-system-services os)
diff --git a/gnu/system/examples/bare-hurd.tmpl 
b/gnu/system/examples/bare-hurd.tmpl
index 414a937..e4b795f 100644
--- a/gnu/system/examples/bare-hurd.tmpl
+++ b/gnu/system/examples/bare-hurd.tmpl
@@ -40,15 +40,20 @@
                         %base-file-systems))
     (host-name "guixygnu")
     (timezone "Europe/Amsterdam")
+    (users (cons (user-account
+                  (name "guix")
+                  (comment "Anonymous Hurd Hacker")
+                  (group "users")
+                  (supplementary-groups '("wheel")))
+                 %base-user-accounts))
     (packages (cons openssh-sans-x %base-packages/hurd))
     (services (cons (service openssh-service-type
                              (openssh-configuration
                               (openssh openssh-sans-x)
-                              (use-pam? #f)
                               (port-number 2222)
                               (permit-root-login #t)
                               (allow-empty-passwords? #t)
                               (password-authentication? #t)))
-               %base-services/hurd))))
+                    %base-services/hurd))))
 
 %hurd-os
diff --git a/gnu/system/hurd.scm b/gnu/system/hurd.scm
index 80fffe8..767a624 100644
--- a/gnu/system/hurd.scm
+++ b/gnu/system/hurd.scm
@@ -42,7 +42,8 @@
   #:export (%base-packages/hurd
             %base-services/hurd
             %hurd-default-operating-system
-            %hurd-default-operating-system-kernel))
+            %hurd-default-operating-system-kernel
+            %setuid-programs/hurd))
 
 ;;; Commentary:
 ;;;
@@ -62,7 +63,7 @@
 (define %base-packages/hurd
   (list hurd bash coreutils file findutils grep sed
         guile-3.0 guile-colorized guile-readline
-        net-base inetutils less shepherd which))
+        net-base inetutils less shadow shepherd sudo which))
 
 (define %base-services/hurd
   (list (service hurd-console-service-type
@@ -86,6 +87,17 @@
                  `(("/bin/sh" ,(file-append bash "/bin/sh"))
                    ("/usr/bin/env" ,(file-append coreutils "/bin/env"))))))
 
+(define %setuid-programs/hurd
+  ;; Default set of setuid-root programs.
+  (list (file-append shadow "/bin/passwd")
+        (file-append shadow "/bin/sg")
+        (file-append shadow "/bin/su")
+        (file-append shadow "/bin/newgrp")
+        (file-append shadow "/bin/newuidmap")
+        (file-append shadow "/bin/newgidmap")
+        (file-append sudo "/bin/sudo")
+        (file-append sudo "/bin/sudoedit")))
+
 (define %hurd-default-operating-system
   (operating-system
     (kernel %hurd-default-operating-system-kernel)
@@ -103,6 +115,4 @@
     (timezone "GNUrope")
     (name-service-switch #f)
     (essential-services (hurd-default-essential-services 
this-operating-system))
-    (pam-services '())
-    (setuid-programs '())
-    (sudoers-file #f)))
+    (setuid-programs %setuid-programs/hurd)))

[Prev in Thread]

Current Thread

[Next in Thread]

branch master updated (f085876 -> d56d79b), guix-commits, 2020/10/09
- 03/03: system: hurd: Add diffutils, patch, gawk, tar, gzip, bzip2, xz, and lzip., guix-commits, 2020/10/09
- 02/03: system: hurd: Include 'guile-3.0-latest' in '%base-packages/hurd'., guix-commits, 2020/10/09
- 01/03: system: hurd: Add PAM support with shadow and sudo., guix-commits <=

Prev by Date: 02/03: system: hurd: Include 'guile-3.0-latest' in '%base-packages/hurd'.
Next by Date: branch master updated (f085876 -> d56d79b)
Previous by thread: 02/03: system: hurd: Include 'guile-3.0-latest' in '%base-packages/hurd'.
Next by thread: branch master updated: Revert "gnu: guix: Update to commit 5918cb5."
Index(es):
- Date
- Thread