mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-01-15 09:23:37 +00:00
29c5178bdf
list of user accounts that the job needs to run. For instance, the SSH daemon job says: { name = "sshd"; uid = (import ../system/ids.nix).uids.sshd; description = "SSH privilege separation user"; home = "/var/empty"; } The activation script creates the system users/groups and updates them as well. So a change in the Nix expression can be realised in /etc/{group,passwd} by running nixos-rebuild. svn path=/nixos/trunk/; revision=8846
61 lines
1.6 KiB
Bash
61 lines
1.6 KiB
Bash
cat "$2" | while true; do
|
|
read name || break
|
|
read gid
|
|
|
|
if ! curEnt=$(getent group "$name"); then
|
|
echo "creating group $name..."
|
|
groupadd --system \
|
|
"$name" \
|
|
${gid:+--gid $gid}
|
|
else
|
|
echo "updating group $name..."
|
|
oldIFS="$IFS"; IFS=:; set -- $curEnt; IFS="$oldIFS"
|
|
prevGid=$3
|
|
if test "$prevGid" != "$gid"; then
|
|
groupmod "$name" --gid $gid
|
|
fi
|
|
fi
|
|
done
|
|
|
|
|
|
cat "$1" | while true; do
|
|
read name || break
|
|
read description
|
|
read uid
|
|
read group
|
|
read extraGroups
|
|
read home
|
|
read shell
|
|
|
|
if ! curEnt=$(getent passwd "$name"); then
|
|
echo "creating user $name..."
|
|
useradd --system \
|
|
"$name" \
|
|
--comment "$description" \
|
|
${uid:+--uid $uid} \
|
|
--gid "$group" \
|
|
--groups "$extraGroups" \
|
|
--home "$home" \
|
|
--shell "$shell"
|
|
else
|
|
echo "updating user $name..."
|
|
oldIFS="$IFS"; IFS=:; set -- $curEnt; IFS="$oldIFS"
|
|
prevUid=$3
|
|
prevHome=$6
|
|
# Don't change the UID if it's the same, otherwise usermod
|
|
# will complain.
|
|
if test "$prevUid" = "$uid"; then unset uid; fi
|
|
# Don't change the home directory if it's the same to prevent
|
|
# unnecessary warnings about logged in users.
|
|
if test "$prevHome" = "$home"; then unset home; fi
|
|
usermod \
|
|
"$name" \
|
|
--comment "$description" \
|
|
${uid:+--uid $uid} \
|
|
--gid "$group" \
|
|
--groups "$extraGroups" \
|
|
${home:+--home "$home"} \
|
|
--shell "$shell"
|
|
fi
|
|
done
|