system: hurd: Add PAM support with shadow and sudo.

* gnu/system.scm (hurd-default-essential-services): Add setuid-program-service-type. * gnu/system/hurd.scm (%base-packages/hurd): Add shadow, sudo. (%setuid-programs/hurd): New variable. (%hurd-default-operating-system)[setuid-program]: Use it. [pam-services, sudoers-file]: Remove overrides; enabling regular defaults. * gnu/system/examples/bare-hurd.tmpl (%hurd-os)[users]: New field. [services]: Do not disable PAM in SSH.
2025-10-02 02:15:12 +00:00 · 2020-10-09 22:55:46 +02:00 · 2020-10-09 22:55:46 +02:00 · 16f8ea064c
commit 16f8ea064c
parent f08587682a
3 changed files with 24 additions and 7 deletions
--- a/gnu/system/hurd.scm
+++ b/gnu/system/hurd.scm
@ -42,7 +42,8 @@
  #:export (%base-packages/hurd
            %base-services/hurd
            %hurd-default-operating-system
-            %hurd-default-operating-system-kernel))
+            %hurd-default-operating-system-kernel
+            %setuid-programs/hurd))

 ;;; Commentary:
 ;;;
@ -62,7 +63,7 @@
 (define %base-packages/hurd
  (list hurd bash coreutils file findutils grep sed
        guile-3.0 guile-colorized guile-readline
-        net-base inetutils less shepherd which))
+        net-base inetutils less shadow shepherd sudo which))

 (define %base-services/hurd
  (list (service hurd-console-service-type
@ -86,6 +87,17 @@
                 `(("/bin/sh" ,(file-append bash "/bin/sh"))
                   ("/usr/bin/env" ,(file-append coreutils "/bin/env"))))))

+(define %setuid-programs/hurd
+  ;; Default set of setuid-root programs.
+  (list (file-append shadow "/bin/passwd")
+        (file-append shadow "/bin/sg")
+        (file-append shadow "/bin/su")
+        (file-append shadow "/bin/newgrp")
+        (file-append shadow "/bin/newuidmap")
+        (file-append shadow "/bin/newgidmap")
+        (file-append sudo "/bin/sudo")
+        (file-append sudo "/bin/sudoedit")))
+
 (define %hurd-default-operating-system
  (operating-system
    (kernel %hurd-default-operating-system-kernel)
@ -103,6 +115,4 @@
    (timezone "GNUrope")
    (name-service-switch #f)
    (essential-services (hurd-default-essential-services this-operating-system))
-    (pam-services '())
-    (setuid-programs '())
-    (sudoers-file #f)))
+    (setuid-programs %setuid-programs/hurd)))