[bug#73767] [PATCH v2 1/2] gnu: system: Privilege programs after creating accounts.

[Dariqq]

Ensure that users and groups are already created when the privileging script
runs. The order these scripts appear in the folded activation-service depends
on the order these services are instantiated in the operating-system.

Fixes https://issues.guix.gnu.org/73680.

* gnu/system.scm (operating-system-default-essential-services): Move
privileged-program-service above account-service.
(hurd-default-essential-services): Likewise.

Change-Id: I662fb1eff42e4088496fccb76e0efbf2b1da096e
---
 gnu/system.scm | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/gnu/system.scm b/gnu/system.scm
index 44f93f91d1..c19730b331 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -809,6 +809,11 @@ (define (operating-system-default-essential-services os)
            %shepherd-root-service
 
            (pam-root-service (operating-system-pam-services os))
+           ;; Make sure that privileged-programs activation script
+           ;; runs after accounts are created
+           (service privileged-program-service-type
+                    (append (operating-system-privileged-programs os)
+                            (operating-system-setuid-programs os)))
            (account-service (append (operating-system-accounts os)
                                     (operating-system-groups os))
                             (operating-system-skeletons os))
@@ -826,9 +831,6 @@ (define (operating-system-default-essential-services os)
             (operating-system-environment-variables os))
            (service host-name-service-type host-name)
            procs root-fs
-           (service privileged-program-service-type
-                    (append (operating-system-privileged-programs os)
-                            (operating-system-setuid-programs os)))
            (service profile-service-type
                     (operating-system-packages os))
            boot-fs non-boot-fs
@@ -850,6 +852,11 @@ (define (hurd-default-essential-services os)
           (service shepherd-root-service-type)
 
           (service user-processes-service-type)
+          ;; Make sure that privileged-programs activation script
+          ;; runs after accounts are created
+          (service privileged-program-service-type
+                   (append (operating-system-privileged-programs os)
+                           (operating-system-setuid-programs os)))
           (account-service (append (operating-system-accounts os)
                                    (operating-system-groups os))
                            (operating-system-skeletons os))
@@ -866,9 +873,6 @@ (define (hurd-default-essential-services os)
                               (list `("hosts" ,hosts-file)))
               (service hosts-service-type
                        (local-host-entries host-name)))
-          (service privileged-program-service-type
-                   (append (operating-system-privileged-programs os)
-                           (operating-system-setuid-programs os)))
           (service profile-service-type (operating-system-packages os)))))
 
 (define* (operating-system-services os)

base-commit: 061e0acd596262420facef7c2d1fc9cc4327d75a
-- 
2.46.0