Commit graph

18 commits

Author SHA1 Message Date
Eelco Dolstra
29c5178bdf * Declarative specification of user accounts. Jobs can now specify a
list of user accounts that the job needs to run.  For instance, the
  SSH daemon job says:

    { name = "sshd";
      uid = (import ../system/ids.nix).uids.sshd;
      description = "SSH privilege separation user";
      home = "/var/empty";
    }

  The activation script creates the system users/groups and updates
  them as well.  So a change in the Nix expression can be realised in
  /etc/{group,passwd} by running nixos-rebuild.

svn path=/nixos/trunk/; revision=8846
2007-06-08 15:41:12 +00:00
Eelco Dolstra
6c529fac77 * Very naughty of me not to use -boot-info-table. Now I know better.
svn path=/nixos/trunk/; revision=7875
2007-02-07 15:23:19 +00:00
Eelco Dolstra
241b28d101 * Register everything in the Nix store on the installation CD as a
substitute to speed up installation.

svn path=/nixos/trunk/; revision=7783
2007-01-23 17:17:10 +00:00
Eelco Dolstra
c56d3a8ce4 * Actually put the manifest on the CD.
svn path=/nixos/trunk/; revision=7780
2007-01-23 16:48:27 +00:00
Eelco Dolstra
995b749f70 * Put a nix-pull manifest of the Nix store on the CD.
svn path=/nixos/trunk/; revision=7777
2007-01-23 15:08:00 +00:00
Eelco Dolstra
d197a0f2cc * Use the Perl version of paths-from-graphs everywhere.
svn path=/nixos/trunk/; revision=7774
2007-01-23 14:37:42 +00:00
Eelco Dolstra
903a64c87d * Some things are best done in Perl.
svn path=/nixos/trunk/; revision=7773
2007-01-23 14:34:44 +00:00
Eelco Dolstra
668c146e33 * Doh! Make sure that we put *only* splash_helper in the initrd and
not all of splashutils, otherwise we get Glibc in the initrd.

svn path=/nixos/trunk/; revision=7771
2007-01-23 13:44:41 +00:00
Eelco Dolstra
8d09b9066c * Purity: don't access /etc/modules.conf.
svn path=/nixos/trunk/; revision=7467
2006-12-22 23:51:18 +00:00
Eelco Dolstra
87e2456814 * Use getenv/useradd.
svn path=/nixos/trunk/; revision=7382
2006-12-18 15:48:29 +00:00
Eelco Dolstra
3e7f4280df * activate-configuration.sh: make sure that we're running on a NixOS
installation to prevent horrible accidents.
* Add the kernel parameters to isolinux.cfg.
* Use useradd/groupadd to create users/groups; use Glibc's getent to
  check for existence.
* Create the root account properly.

svn path=/nixos/trunk/; revision=7357
2006-12-16 21:48:12 +00:00
Eelco Dolstra
f049c35a86 * More semi-purification of /etc.
svn path=/nixos/trunk/; revision=7290
2006-12-09 02:51:42 +00:00
Eelco Dolstra
ec764b7c08 * Helper script to check for and create accounts.
svn path=/nixos/trunk/; revision=7171
2006-11-29 23:10:22 +00:00
Eelco Dolstra
a66bae7b2f * Strip.
svn path=/nixos/trunk/; revision=7164
2006-11-28 17:40:56 +00:00
Eelco Dolstra
39ac293b58 * Create setuid wrappers for a few programs (su and passwd). This is
still a bit ad hoc, but it works.

svn path=/nixos/trunk/; revision=7163
2006-11-28 17:34:27 +00:00
Eelco Dolstra
cba92bbdf1 * First step towards setuid/setgid support: a setuid/setgid wrapper
program.

  The Nix store cannot directly support setuid binaries for a number
  of reasons:

  - Builds are generally not performed as root (and they shouldn't
    be), so the builder cannot chown/chmod executables to the right
    setuid ownership.

  - Unpacking a NAR archive containing a setuid binary would only work
    when Nix is run as root.

  - Worst of all, setuid binaries don't fit in the purely functional
    model: if a security bug is discovered in a setuid binary, that
    binary should be removed from the system to prevent users from
    calling it.  But we cannot garbage collect it unless all
    references to it are gone, which might never happen.  Of course,
    we could just remove setuid permission, but that would also be
    impure.

  So the solution is to keep setuid-ness out of the Nix store.
  Rather, for programs that we want to execute as setuid, we generate
  wrapper programs (as root) that are setuid and do an execve() to
  call the real, non-setuid program in the Nix store.

  That's what setuid-wrapper does.  It determines its own name (e.g.,
  /var/setuid-wrappers/passwd), reads the name of the wrapped program
  from <self>.real (e.g., /var/setuid-wrappers/passwd.real, which
  might contain /nix/var/nix/profiles/system/bin/passwd), and executes
  it.  Thus, the non-setuid passwd in the Nix store would be executed
  with the effective user set to root.

  Setuid-wrapper also performs a few security checks to prevent it
  from reading a fake <self>.real file through hard-linking tricks.

svn path=/nixos/trunk/; revision=7157
2006-11-28 13:36:27 +00:00
Eelco Dolstra
5c89e891df * Refactoring.
svn path=/nixos/trunk/; revision=7156
2006-11-28 10:45:21 +00:00
Eelco Dolstra
0817c307dc * Moving stuff around.
svn path=/nixos/trunk/; revision=7155
2006-11-27 19:49:05 +00:00