[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/15: system: Allow 'chfn' to change the user's full name.
From: |
guix-commits |
Subject: |
01/15: system: Allow 'chfn' to change the user's full name. |
Date: |
Sat, 1 Jan 2022 09:13:13 -0500 (EST) |
civodul pushed a commit to branch master
in repository guix.
commit 671e6a81804f264ddcdd6fe7579644404da079b8
Author: Ludovic Courtès <ludo@gnu.org>
AuthorDate: Fri Dec 31 17:45:12 2021 +0100
system: Allow 'chfn' to change the user's full name.
Fixes <https://issues.guix.gnu.org/52539>.
Reported by Jacob First <jacob.first@member.fsf.org>.
* gnu/build/accounts.scm (allocate-passwd): Add comment as to why
'real-name' is taken from PREVIOUS. Add (not system?) to the
condition.
* gnu/system.scm (operating-system-etc-service) <login.defs>: Add
"CHFN_RESTRICT".
* gnu/system.scm (%setuid-programs): Add "chfn".
* gnu/system/pam.scm (base-pam-services): Add "chfn".
* doc/guix.texi (User Accounts): Document it.
---
doc/guix.texi | 5 +++++
gnu/build/accounts.scm | 8 ++++++--
gnu/system.scm | 8 +++++++-
gnu/system/pam.scm | 4 ++--
4 files changed, 20 insertions(+), 5 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index ebfcfee7f7..354eead02b 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -15387,6 +15387,11 @@ account is created.
@item @code{comment} (default: @code{""})
A comment about the account, such as the account owner's full name.
+Note that, for non-system accounts, users are free to change their real
+name as it appears in @file{/etc/passwd} using the @command{chfn}
+command. When they do, their choice prevails over the system
+administrator's choice; reconfiguring does @emph{not} change their name.
+
@item @code{home-directory}
This is the name of the home directory for the account.
diff --git a/gnu/build/accounts.scm b/gnu/build/accounts.scm
index f60d68d9b3..1247fc640c 100644
--- a/gnu/build/accounts.scm
+++ b/gnu/build/accounts.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2019 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2019, 2021 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -490,7 +490,11 @@ new UIDs."
(uid id)
(directory directory)
(gid (if (number? group) group (group-id
group)))
- (real-name (if previous
+
+ ;; Users might change their name to something
+ ;; other than what the sysadmin chose, with
+ ;; 'chfn'. Thus consider it "stateful".
+ (real-name (if (and previous (not system?))
(password-entry-real-name
previous)
real-name))
diff --git a/gnu/system.scm b/gnu/system.scm
index 088c62ddde..cc925de16f 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -913,7 +913,12 @@ the /etc directory."
"/run/current-system/profile/sbin\n"
"ENV_SUPATH /run/setuid-programs:"
"/run/current-system/profile/bin:"
- "/run/current-system/profile/sbin\n")))
+ "/run/current-system/profile/sbin\n"
+
+ "\n"
+ "# Allow 'chfn' to change the full name,\n"
+ "# room number, and so on.\n"
+ "CHFN_RESTRICT frwh\n")))
(hurd (operating-system-hurd os))
(issue (plain-file "issue" (operating-system-issue os)))
@@ -1158,6 +1163,7 @@ deprecated; use 'setuid-program' instead~%"))
(let ((shadow (@ (gnu packages admin) shadow)))
(map file-like->setuid-program
(list (file-append shadow "/bin/passwd")
+ (file-append shadow "/bin/chfn")
(file-append shadow "/bin/sg")
(file-append shadow "/bin/su")
(file-append shadow "/bin/newgrp")
diff --git a/gnu/system/pam.scm b/gnu/system/pam.scm
index a31daada59..2574e019f1 100644
--- a/gnu/system/pam.scm
+++ b/gnu/system/pam.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2019, 2020 Ludovic Courtès
<ludo@gnu.org>
+;;; Copyright © 2013-2017, 2019-2021 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -285,7 +285,7 @@ authenticate to run COMMAND."
;; These programs are setuid-root.
(map (cut unix-pam-service <>
#:allow-empty-passwords? allow-empty-passwords?)
- '("passwd" "sudo"))
+ '("passwd" "chfn" "sudo"))
;; This is setuid-root, as well. Allow root to run "su" without
;; authenticating.
(list (unix-pam-service "su"
- branch master updated (806a4e986d -> f39d594e88), guix-commits, 2022/01/01
- 10/15: gnu: Add go-github-com-alecthomas-template, guix-commits, 2022/01/01
- 02/15: gnu: Add go-github-com-percent, guix-commits, 2022/01/01
- 15/15: gnu: go-github-com-androiddnsfix: Rewrite synopsis and description., guix-commits, 2022/01/01
- 07/15: gnu: Add go-github-com-aws-aws-sdk-go, guix-commits, 2022/01/01
- 12/15: gnu: Add go-github-com-kingpin, guix-commits, 2022/01/01
- 11/15: gnu: Add go-github-com-alecthomas-units, guix-commits, 2022/01/01
- 01/15: system: Allow 'chfn' to change the user's full name.,
guix-commits <=
- 05/15: gnu: Add go-github-com-99designs-go-keyring, guix-commits, 2022/01/01
- 09/15: gnu: Add go-open-golang, guix-commits, 2022/01/01
- 03/15: gnu: Add go-github-com-dvsekhvalnov-jose2go, guix-commits, 2022/01/01
- 08/15: gnu: Add go-gopkg-in-ini, guix-commits, 2022/01/01
- 14/15: gnu: ragel: Fix build of knot on aarch64-linux., guix-commits, 2022/01/01
- 04/15: gnu: Add go-github-com-go-libsecret, guix-commits, 2022/01/01
- 06/15: gnu: Add go-github-com-androiddnsfix, guix-commits, 2022/01/01
- 13/15: gnu: Add aws-vault, guix-commits, 2022/01/01