guix-commits

02/05: activation: Change permissions on /root to #o700.


From: Ludovic Courtès
Subject: 02/05: activation: Change permissions on /root to #o700.
Date: Tue, 30 May 2017 12:08:50 -0400 (EDT)

civodul pushed a commit to branch master
in repository guix.

commit 41db5a756369f5b14d1e67a523ee0940cad56744
Author: Ludovic Courtès <address@hidden>
Date:   Tue May 30 17:40:39 2017 +0200

    activation: Change permissions on /root to #o700.
    
    Reported by Alex Griffin <address@hidden>.
    Fixes <http://bugs.gnu.org/27135>.
    
    * gnu/build/activation.scm (add-user): When UID is zero, add 'chmod'
    call.
    * gnu/tests/base.scm (run-basic-test)["permissions on /root"]: New test.
---
 gnu/build/activation.scm | 5 +++--
 gnu/tests/base.scm       | 9 +++++++++
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm
index a1d2a9c..299c072 100644
--- a/gnu/build/activation.scm
+++ b/gnu/build/activation.scm
@@ -130,14 +130,15 @@ properties.  Return #t on success."
       ;; 'useradd' fails with "Cannot determine your user name" if the root
       ;; account doesn't exist.  Thus, for bootstrapping purposes, create that
       ;; one manually.
-      (begin
+      (let ((home (or home "/root")))
         (call-with-output-file "/etc/shadow"
           (cut format <> "~a::::::::~%" name))
         (call-with-output-file "/etc/passwd"
           (cut format <> "~a:x:~a:~a:~a:~a:~a~%"
                name "0" "0" comment home shell))
         (chmod "/etc/shadow" #o600)
-        (copy-account-skeletons (or home "/root"))
+        (copy-account-skeletons home)
+        (chmod home #o700)
         #t)
 
       ;; Use 'useradd' from the Shadow package.
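Review bot: In the new `let` body, `(chmod home #o700)` runs only after `(copy-account-skeletons home)`, so the skeleton files are written into a directory that still has whatever mode it was created with, and the restriction lands last. Consider creating the directory with mode #o700 before it is populated, or at least add a short comment here saying why the order is acceptable during activation. Also note that the chmod covers only the directory itself, not the files copied into it, and that it sits in the manual root-creation branch only, so it is worth stating in the comment above whether a pre-existing root home is expected to be re-tightened on later activations.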
diff --git a/gnu/tests/base.scm b/gnu/tests/base.scm
index e5ac320..f5bbfaf 100644
--- a/gnu/tests/base.scm
+++ b/gnu/tests/base.scm
@@ -199,6 +199,15 @@ info --version")
                          ',users+homes))
                marionette)))
 
+          (test-equal "permissions on /root"
+            #o700
+            (let ((root-home #$(any (lambda (account)
+                                      (and (zero? (user-account-uid account))
+                                           (user-account-home-directory
+                                            account)))
+                                    (operating-system-user-accounts os))))
+              (stat:perms (marionette-eval `(stat ,root-home) marionette))))
+
           (test-equal "no extra home directories"
             '()
 
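Review bot: In the `any` lambda, `(zero? (user-account-uid account))` assumes every account carries a numeric UID; if an account listed before root has its UID left unspecified, `zero?` raises a type error and the test aborts instead of reporting a mode mismatch. Guarding it, for example with `(and=> (user-account-uid account) zero?)`, avoids that. Likewise, when no account matches, `any` returns #f and `(stat ,root-home)` is evaluated on #f inside the marionette, so an explicit check that `root-home` is a string would give a clearer failure. The test name hard-codes "/root" while the path is computed from the account record; a name such as "permissions on root's home" would match what is actually checked. Since the point of the change is confidentiality of root's home, asserting the owner via `stat:uid` alongside `stat:perms` would make the test complete.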


