nixos/systemd-sysusers: only create systemusers

systemd-sysusers cannot create normal users (i.e. with a UID > 1000).
Thus we stop trying and explicitly only use systemd-sysusers when there
are no normal users on the system (e.g. appliances).
nikstur
2024-07-19 17:03:22 +02:00
parent 2441226673
commit d43e323b4a
3 changed files with 57 additions and 42 deletions


@@ -2,8 +2,8 @@
let
rootPassword = "$y$j9T$p6OI0WN7.rSfZBOijjRdR.$xUOA2MTcB48ac.9Oc5fz8cxwLv1mMqabnn333iOzSA6";
normaloPassword = "hello";
newNormaloPassword = "$y$j9T$p6OI0WN7.rSfZBOijjRdR.$xUOA2MTcB48ac.9Oc5fz8cxwLv1mMqabnn333iOzSA6";
sysuserPassword = "hello";
newSysuserPassword = "$y$j9T$p6OI0WN7.rSfZBOijjRdR.$xUOA2MTcB48ac.9Oc5fz8cxwLv1mMqabnn333iOzSA6";
in
{
@@ -24,15 +24,19 @@ in
# Override the empty root password set by the test instrumentation
users.users.root.hashedPasswordFile = lib.mkForce null;
users.users.root.initialHashedPassword = rootPassword;
users.users.normalo = {
isNormalUser = true;
initialPassword = normaloPassword;
users.users.sysuser = {
isSystemUser = true;
group = "wheel";
home = "/sysuser";
initialPassword = sysuserPassword;
};
specialisation.new-generation.configuration = {
users.users.new-normalo = {
isNormalUser = true;
initialHashedPassword = newNormaloPassword;
users.users.new-sysuser = {
isSystemUser = true;
group = "wheel";
home = "/new-sysuser";
initialHashedPassword = newSysuserPassword;
};
};
};
@@ -43,7 +47,7 @@ in
with subtest("systemd-sysusers.service contains the credentials"):
sysusers_service = machine.succeed("systemctl cat systemd-sysusers.service")
print(sysusers_service)
assert "SetCredential=passwd.plaintext-password.normalo:${normaloPassword}" in sysusers_service
assert "SetCredential=passwd.plaintext-password.sysuser:${sysuserPassword}" in sysusers_service
with subtest("Correct mode on the password files"):
assert machine.succeed("stat -c '%a' /etc/passwd") == "644\n"
@@ -55,17 +59,17 @@ in
print(machine.succeed("getent passwd root"))
assert "${rootPassword}" in machine.succeed("getent shadow root"), "root user password is not correct"
with subtest("normalo user is created"):
print(machine.succeed("getent passwd normalo"))
assert machine.succeed("stat -c '%U' /home/normalo") == "normalo\n"
with subtest("sysuser user is created"):
print(machine.succeed("getent passwd sysuser"))
assert machine.succeed("stat -c '%U' /sysuser") == "sysuser\n"
machine.succeed("/run/current-system/specialisation/new-generation/bin/switch-to-configuration switch")
with subtest("new-normalo user is created after switching to new generation"):
print(machine.succeed("getent passwd new-normalo"))
assert machine.succeed("stat -c '%U' /home/new-normalo") == "new-normalo\n"
assert "${newNormaloPassword}" in machine.succeed("getent shadow new-normalo"), "new-normalo user password is not correct"
with subtest("new-sysuser user is created after switching to new generation"):
print(machine.succeed("getent passwd new-sysuser"))
assert machine.succeed("stat -c '%U' /new-sysuser") == "new-sysuser\n"
assert "${newSysuserPassword}" in machine.succeed("getent shadow new-sysuser"), "new-sysuser user password is not correct"
'';
}
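Review bot: The `sysuser user is created` and `new-sysuser user is created after switching to new generation` subtests only print the `getent passwd` line, so nothing asserts that the accounts were allocated in the system UID range, which is the property the commit message is about. Adding `assert int(machine.succeed("id -u sysuser")) < 1000, "sysuser is not in the system UID range"` and the same check for `new-sysuser` would pin it. Separately, the `SetCredential=passwd.plaintext-password.sysuser:` assertion shows that an `initialPassword` value is visible verbatim in `systemctl cat` output. A short comment next to `sysuserPassword = "hello";`, such as `# test-only: initialPassword is embedded in plaintext in systemd-sysusers.service`, would stop readers copying the pattern for real accounts, especially since these users are in `wheel`. The start of the test script lies outside the visible hunks.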