3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

13 commits

Author SHA1 Message Date
Silvan Mosberger 23d920c8f0
nixos/users: Increase maximum system uid/gid from 499 to 999
This enlarges the system uid/gid range 6-fold, from 100 to 600 ids. This
is a preventative measure against running out of dynamically allocated
ids for NixOS services with isSystemUser, which should become the
preferred way of allocating uids for non-real users.
2019-10-14 01:59:19 +02:00
Matthew Bauer fc565c1b9d nixos/update-users-groups.pl: chomp hashedPassword
We don’t want any trailing whitespace, otherwise we mess up the
formating of the shadow file. Some things like readFile may have the
trailing new line.

Fixes #66745
2019-08-25 23:42:31 -04:00
Eelco Dolstra a57bcd38b4
update-users-groups.pl: Keep track of deallocated UIDs/GIDs
When a user or group is revived, this allows it to be allocated the
UID/GID it had before.

A consequence is that UIDs and GIDs are no longer reused.

Fixes #24010.
2017-03-29 18:13:18 +02:00
Franz Pletz 9ea35eae7a
nixos/users-groups: chown home on createHome
Fixes #23619.
2017-03-08 00:29:20 +01:00
Domen Kožar e561edc322 update-users-groups.pl: correctly guard duplicate uids for declarative users
Verified that following nixos configuration:

    users.users.foo = {
      uid = 1000;
      name = "foo";
    };
    users.users.bar = {
      name = "bar";
    };

Before this commit both users will get uid of 1000, after it's applied
bar will correctly get 1001.
2016-08-30 17:14:14 +02:00
Bjørn Forsman 6e528893a8 nixos/update-users-groups.pl: print UIDs and GIDs
Instead of showing this output from "nixos-rebuild switch":

  warning: not applying GID change of group ‘munin’
  warning: not applying UID change of user ‘ntp’

print this:

  warning: not applying GID change of group ‘munin’ (95 -> 102)
  warning: not applying UID change of user ‘ntp’ (3 -> 179)

This makes it possible for users to take action and fixup the UIDs/GIDs
that NixOS won't touch.
2016-07-01 13:13:46 +02:00
Eelco Dolstra 16cf3ee9da Ensure that the home directory exists even if the user already exists 2015-02-24 11:57:38 +01:00
Rüdiger Sonderfeld fa1cec1037 update-users-groups.pl: Use UTF-8 instead of latin1.
Perl seems to write the file in latin1 independent of the actual input
encoding.  This can corrupt the "description" field of /etc/passwd.  By
setting "binmode" to ":utf8" Perl can be forced to write UTF-8.  Ideally
the program would simply read/write the fields by value without any
changes in encoding.  However, assuming/enforcing UTF-8 is a lot better
than using an obsolete coding like latin1.
2014-11-08 19:25:17 +01:00
Eelco Dolstra 3696536115 Handle removing a password if mutableUsers = false 2014-11-03 12:32:27 +01:00
Eelco Dolstra 1b53a3fcb7 Add initialPassword and initialHashedPassword options
These are like password and hashedPassword, except that they only
apply when the user is initially created.
2014-11-03 12:32:19 +01:00
Eelco Dolstra a9f5e77e2f update-users-groups.pl: Generate hashed passwords internally
I.e. don't call "passwd" to update /etc/shadow from the "password"
option. This has the side-effect of not updating the password if
mutableUsers = true (since the code path for "hashedPassword" has a
check for mutableUsers).

Fixes #4747.
2014-10-31 17:42:09 +01:00
Eelco Dolstra 6dc5db3850 Fix setting an empty password 2014-08-18 17:12:56 +02:00
Eelco Dolstra 1a75958be5 Unify mutableUsers = { true, false }
With mutableUsers = true, we now ensure that all users and groups that
were created declaratively, are updated or removed
appropriately. Thus, adding a user to users.extraUsers and then
removing it now causes the acoount to be removed from
/etc/passwd. Thus user/group management is fully congruent except that
users and groups that were created imperatively (via useradd/groupadd)
are not touched. We distinguish between declarative and imperative
users/groups by tracking the former in
/var/lib/nixos/declarative-{groups,users}.

With mutableUsers = false, you are now no longer required to specify
UIDs/GIDs for all users. The handling of mutableUsers = true/false is
the same code path; the only difference is that the "false" mode
ignores the existing contents of /etc/{passwd,group}.

The attribute ‘createUser’ is gone. It doesn't really make sense to
specify users that shouldn't be created.
2014-08-15 02:15:29 +02:00