[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
branch master updated: gnu: system: Export %sudoers-specification.
From: |
guix-commits |
Subject: |
branch master updated: gnu: system: Export %sudoers-specification. |
Date: |
Tue, 17 Mar 2020 23:02:04 -0400 |
This is an automated email from the git hooks/post-receive script.
apteryx pushed a commit to branch master
in repository guix.
The following commit(s) were added to refs/heads/master by this push:
new f6b9503 gnu: system: Export %sudoers-specification.
f6b9503 is described below
commit f6b950319cb41822e2b3f1b55357037da433e1df
Author: Maxim Cournoyer <address@hidden>
AuthorDate: Tue Mar 17 22:10:40 2020 -0400
gnu: system: Export %sudoers-specification.
Exporting this variable allows reusing the default value of the
`sudoers-file'
field when configuring it.
* gnu/system.scm (gnu): Export %sudoers-specification.
* doc/guix.texi (Invoking guix deploy): Document an example, to use with
'guix
deploy'.
---
doc/guix.texi | 24 ++++++++++++++++++++++--
gnu/system.scm | 1 +
2 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index a0920ad..086b1d9 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -26996,8 +26996,28 @@ login over SSH may be forbidden in some cases. To
work around this,
@command{guix deploy} can log in as an unprivileged user and employ
@code{sudo} to escalate privileges. This will only work if @code{sudo} is
currently installed on the remote and can be invoked non-interactively as
-@code{user}. That is: the line in @code{sudoers} granting @code{user} the
-ability to use @code{sudo} must contain the @code{NOPASSWD} tag.
+@code{user}. That is, the line in @code{sudoers} granting @code{user} the
+ability to use @code{sudo} must contain the @code{NOPASSWD} tag. This can
+be accomplished with the following operating system configuration snippet:
+
+@lisp
+(use-modules ...
+ (gnu system) ;for %sudoers-specification))
+
+(define %user "username")
+
+(operating-system
+ ...
+ (sudoers-file
+ (plain-file "sudoers"
+ (string-append (plain-file-content %sudoers-specification)
+ (format #f "~a ALL = NOPASSWD: ALL~%"
+ %username)))))
+
+@end lisp
+
+For more information regarding the format of the @file{sudoers} file,
+consult @command{man sudoers}.
@deftp {Data Type} machine
This is the data type representing a single machine in a heterogeneous Guix
diff --git a/gnu/system.scm b/gnu/system.scm
index cfc730a..06c58c2 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -138,6 +138,7 @@
local-host-aliases
%root-account
%setuid-programs
+ %sudoers-specification
%base-packages
%base-firmware))
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- branch master updated: gnu: system: Export %sudoers-specification.,
guix-commits <=