diff --git a/system/ids.nix b/system/ids.nix index 08b387feabec..90fcda5199d9 100644 --- a/system/ids.nix +++ b/system/ids.nix @@ -13,6 +13,7 @@ gids = { root = 0; + haldaemon = 5; users = 100; nixbld = 30000; nogroup = 65534; diff --git a/system/users-groups.nix b/system/users-groups.nix index dc51fceaec4a..62c2a9d626d5 100644 --- a/system/users-groups.nix +++ b/system/users-groups.nix @@ -48,20 +48,30 @@ rec { # System groups. systemGroups = - [ - { name = "root"; - gid = ids.gids.root; - } - { name = "nogroup"; - gid = ids.gids.nogroup; - } - { name = "users"; - gid = ids.gids.users; - } - { name = "nixbld"; - gid = ids.gids.nixbld; - } - ]; + let + jobGroups = pkgs.lib.concatLists (map (job: job.groups) upstartJobs.jobs); + + defaultGroups = + [ + { name = "root"; + gid = ids.gids.root; + } + { name = "nogroup"; + gid = ids.gids.nogroup; + } + { name = "users"; + gid = ids.gids.users; + } + { name = "nixbld"; + gid = ids.gids.nixbld; + } + ]; + + addAttrs = + { name, gid ? "" }: + { inherit name gid; }; + + in map addAttrs (defaultGroups ++ jobGroups); # Awful hackery necessary to pass the users/groups to the activation script. diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index e4a804ba3a2b..6e12233c97bd 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -87,7 +87,7 @@ import ../upstart-jobs/gather.nix { # Name service cache daemon. (import ../upstart-jobs/nscd.nix { - inherit (pkgs) glibc pwdutils; + inherit (pkgs) glibc; inherit nssModulesPath; }) @@ -128,7 +128,7 @@ import ../upstart-jobs/gather.nix { # SSH daemon. ++ optional ["services" "sshd" "enable"] (import ../upstart-jobs/sshd.nix { - inherit (pkgs) writeText openssh glibc pwdutils; + inherit (pkgs) writeText openssh glibc; inherit (pkgs.xorg) xauth; inherit nssModulesPath; forwardX11 = config.get ["services" "sshd" "forwardX11"]; 
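Review bot: In system/users-groups.nix, `map addAttrs (defaultGroups ++ jobGroups)` appends job-declared groups to the built-in ones without checking for repeated names, so a job whose group is called `root` or `users`, or two jobs declaring the same group, produces duplicate entries. How the activation script treats duplicates is not visible in this diff, so it is worth confirming that a job cannot redefine a system group; de-duplicating or rejecting by name before the list is passed on would settle it. `addAttrs` also uses a closed pattern, `{ name, gid ? "" }`, so a job group carrying any other attribute fails evaluation, and the `""` default mixes a string with the integer gids from ids.nix. A comment above it such as `# gid = "" means the job requested no fixed gid` would document the sentinel, assuming that is what the activation script takes it to mean.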
@@ -139,7 +139,7 @@ import ../upstart-jobs/gather.nix { ++ optional ["services" "ntp" "enable"] (import ../upstart-jobs/ntpd.nix { inherit modprobe; - inherit (pkgs) ntp glibc pwdutils writeText; + inherit (pkgs) ntp glibc writeText; servers = config.get ["services" "ntp" "servers"]; }) @@ -159,14 +159,14 @@ import ../upstart-jobs/gather.nix { ++ optional ["services" "httpd" "enable"] (import ../upstart-jobs/httpd.nix { inherit config pkgs; - inherit (pkgs) glibc pwdutils; + inherit (pkgs) glibc; }) # Samba service. ++ optional ["services" "samba" "enable"] (import ../upstart-jobs/samba.nix { inherit pkgs; - inherit (pkgs) glibc pwdutils samba; + inherit (pkgs) glibc samba; }) # CUPS (printing) daemon. diff --git a/upstart-jobs/hal.nix b/upstart-jobs/hal.nix index 097722d0641d..0770ba3ce317 100644 --- a/upstart-jobs/hal.nix +++ b/upstart-jobs/hal.nix @@ -1,11 +1,5 @@ {stdenv, hal}: -let - - homeDir = "/var/run/dbus"; - -in - { name = "hal"; @@ -13,7 +7,12 @@ in { name = "haldaemon"; uid = (import ../system/ids.nix).uids.haldaemon; description = "HAL daemon user"; -# home = homeDir; + } + ]; + + groups = [ + { name = "haldaemon"; + gid = (import ../system/ids.nix).gids.haldaemon; } ]; diff --git a/upstart-jobs/httpd.nix b/upstart-jobs/httpd.nix index 1dcd6b1ba71a..864b0ee9bdf2 100644 --- a/upstart-jobs/httpd.nix +++ b/upstart-jobs/httpd.nix @@ -1,4 +1,4 @@ -{config, pkgs, glibc, pwdutils}: +{config, pkgs, glibc}: let @@ -86,6 +86,11 @@ in description = "Apache httpd user"; } ]; + + groups = [ + { name = group; + } + ]; job = " description \"Apache HTTPD\" @@ -94,10 +99,6 @@ start on network-interfaces/started stop on network-interfaces/stop start script - if ! ${glibc}/bin/getent group ${group} > /dev/null; then - ${pwdutils}/sbin/groupadd ${group} - fi - ${webServer}/bin/control prepare end script diff --git a/upstart-jobs/make-job.nix b/upstart-jobs/make-job.nix index f6841ad26a1b..faffc0cdcfff 100644 --- a/upstart-jobs/make-job.nix +++ b/upstart-jobs/make-job.nix 
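Review bot: In upstart-jobs/hal.nix the new `groups` entry creates `haldaemon` with a fixed gid, but the `users` entry in the same hunk now ends after `description` with no group field, so nothing visible here places the haldaemon user in that group. If the user-creation code does not default the primary group to the user name, the daemon runs under some other group and group-based permissions intended for HAL would not apply. Confirm this, and set the group on the user entry if the users schema has a field for it (the field name is not visible in this diff). As a smaller point, `import ../system/ids.nix` is now evaluated in two places; binding it once, `let ids = import ../system/ids.nix; in`, would keep the uid and gid lookups together.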
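Review bot: The `groups` entry added in upstart-jobs/httpd.nix declares only `name = group;`, so unlike haldaemon it gets no fixed gid and takes the `gid ? ""` default in users-groups.nix; the `groups` entry added in upstart-jobs/samba.nix has the same shape. A gid chosen at activation time can differ between machines or after a reinstall, which matters for group-owned files on restored or shared storage such as web content and Samba shares. Consider reserving ids in system/ids.nix and writing `gid = (import ../system/ids.nix).gids.<name>;` as hal.nix does. With the `getent`/`groupadd` lines removed from both start scripts, `glibc` may no longer be used in these two files; the rest of each file is outside the hunks, so check before dropping the argument.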
@@ -22,4 +22,7 @@ # Allow jobs to declare user accounts that should be created. users = if job ? users then job.users else []; + + # Allow jobs to declare groups that should be created. + groups = if job ? groups then job.groups else []; } diff --git a/upstart-jobs/nscd.nix b/upstart-jobs/nscd.nix index b2a01cc5c4d4..c88c219c63b8 100644 --- a/upstart-jobs/nscd.nix +++ b/upstart-jobs/nscd.nix @@ -1,4 +1,4 @@ -{glibc, pwdutils, nssModulesPath}: +{glibc, nssModulesPath}: { name = "nscd"; diff --git a/upstart-jobs/ntpd.nix b/upstart-jobs/ntpd.nix index 1cd1c9eb7b5a..d03d6a2cf7f6 100644 --- a/upstart-jobs/ntpd.nix +++ b/upstart-jobs/ntpd.nix @@ -1,4 +1,4 @@ -{ntp, modprobe, glibc, pwdutils, writeText, servers}: +{ntp, modprobe, glibc, writeText, servers}: let diff --git a/upstart-jobs/samba.nix b/upstart-jobs/samba.nix index 69a9b51c4a29..fa4cbf70859e 100644 --- a/upstart-jobs/samba.nix +++ b/upstart-jobs/samba.nix @@ -1,4 +1,4 @@ -{pkgs, samba, glibc, pwdutils}: +{pkgs, samba, glibc}: let @@ -17,6 +17,11 @@ in } ]; + groups = [ + { name = group; + } + ]; + job = " description \"Samba Service\" @@ -26,10 +31,6 @@ stop on network-interfaces/stop start script - if ! ${glibc}/bin/getent group ${group} > /dev/null; then - ${pwdutils}/sbin/groupadd ${group} - fi - ${samba}/sbin/nmbd -D & ${samba}/sbin/smbd -D & ${samba}/sbin/winbindd -B & diff --git a/upstart-jobs/sshd.nix b/upstart-jobs/sshd.nix index d5b4da33c21c..4e3ac2b7d021 100644 --- a/upstart-jobs/sshd.nix +++ b/upstart-jobs/sshd.nix @@ -1,4 +1,4 @@ -{ writeText, openssh, glibc, pwdutils, xauth +{ writeText, openssh, glibc, xauth , nssModulesPath , forwardX11, allowSFTP }:
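Review bot: `pwdutils` is dropped from the argument list of upstart-jobs/nscd.nix, and likewise from ntpd.nix and sshd.nix, but unlike httpd.nix and samba.nix no hunk in those three files removes a use of it. If a `${pwdutils}` reference remains in any of their job scripts, evaluation would fail with an undefined variable as soon as that service is enabled. The file bodies are outside the hunks, so confirm with a search for `pwdutils` across upstart-jobs/ before merging.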