
branch master updated: gnu: system: Export %sudoers-specification.


From: guix-commits
Subject: branch master updated: gnu: system: Export %sudoers-specification.
Date: Tue, 17 Mar 2020 23:02:04 -0400

This is an automated email from the git hooks/post-receive script.

apteryx pushed a commit to branch master
in repository guix.

The following commit(s) were added to refs/heads/master by this push:
     new f6b9503  gnu: system: Export %sudoers-specification.
f6b9503 is described below

commit f6b950319cb41822e2b3f1b55357037da433e1df
Author: Maxim Cournoyer <address@hidden>
AuthorDate: Tue Mar 17 22:10:40 2020 -0400

    gnu: system: Export %sudoers-specification.
    
    Exporting this variable allows reusing the default value of the
    `sudoers-file' field when configuring it.
    
    * gnu/system.scm (gnu): Export %sudoers-specification.
    * doc/guix.texi (Invoking guix deploy): Document an example, to use with
    'guix deploy'.
---
 doc/guix.texi  | 24 ++++++++++++++++++++++--
 gnu/system.scm |  1 +
 2 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index a0920ad..086b1d9 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -26996,8 +26996,28 @@ login over SSH may be forbidden in some cases.  To 
work around this,
 @command{guix deploy} can log in as an unprivileged user and employ
 @code{sudo} to escalate privileges.  This will only work if @code{sudo} is
 currently installed on the remote and can be invoked non-interactively as
-@code{user}.  That is: the line in @code{sudoers} granting @code{user} the
-ability to use @code{sudo} must contain the @code{NOPASSWD} tag.
+@code{user}.  That is, the line in @code{sudoers} granting @code{user} the
+ability to use @code{sudo} must contain the @code{NOPASSWD} tag.  This can
+be accomplished with the following operating system configuration snippet:
+
+@lisp
+(use-modules ...
+             (gnu system)               ;for %sudoers-specification))
+
+(define %user "username")
+
+(operating-system
+  ...
+  (sudoers-file
+     (plain-file "sudoers"
+                 (string-append (plain-file-content %sudoers-specification)
+                                (format #f "~a ALL = NOPASSWD: ALL~%"
+                                        %username)))))
+
+@end lisp
+
+For more information regarding the format of the @file{sudoers} file,
+consult @command{man sudoers}.
 
 @deftp {Data Type} machine
 This is the data type representing a single machine in a heterogeneous Guix
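
Review bot: The added @lisp example defines `%user` but the `format` call references `%username`, which is unbound, so the snippet fails when copied as written; use one name in both places. In the `(use-modules ...` line the closing parentheses come after the `;`, so they are part of the comment and the form is never closed. Because `~a ALL = NOPASSWD: ALL` gives that account passwordless root for every command, the paragraph should state this and recommend using an account dedicated to deployment rather than a regular login user.
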
diff --git a/gnu/system.scm b/gnu/system.scm
index cfc730a..06c58c2 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -138,6 +138,7 @@
             local-host-aliases
             %root-account
             %setuid-programs
+            %sudoers-specification
             %base-packages
             %base-firmware))
 
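
Review bot: `%sudoers-specification` becomes part of the public interface of this module here, yet the patch only shows it inside an example and adds no reference entry for it. The manual example calls `plain-file-content` on it, so users now depend on it being a plain-file object; document that in the manual or in a comment at its definition so a later change to the value's type is recognized as breaking user configurations.
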


