system: Allow 'chfn' to change the user's full name.

Fixes <https://issues.guix.gnu.org/52539>. Reported by Jacob First <jacob.first@member.fsf.org>. * gnu/build/accounts.scm (allocate-passwd): Add comment as to why 'real-name' is taken from PREVIOUS. Add (not system?) to the condition. * gnu/system.scm (operating-system-etc-service) <login.defs>: Add "CHFN_RESTRICT". * gnu/system.scm (%setuid-programs): Add "chfn". * gnu/system/pam.scm (base-pam-services): Add "chfn". * doc/guix.texi (User Accounts): Document it.
2025-10-02 02:15:12 +00:00 · 2021-12-31 17:45:12 +01:00 · 2021-12-31 17:45:12 +01:00 · 671e6a8180
commit 671e6a8180
parent 806a4e986d
4 changed files with 20 additions and 5 deletions
--- a/gnu/build/accounts.scm
+++ b/gnu/build/accounts.scm
@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2019 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2019, 2021 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@ -490,7 +490,11 @@ new UIDs."
                               (uid id)
                               (directory directory)
                               (gid (if (number? group) group (group-id group)))
-                               (real-name (if previous
+
+                               ;; Users might change their name to something
+                               ;; other than what the sysadmin chose, with
+                               ;; 'chfn'.  Thus consider it "stateful".
+                               (real-name (if (and previous (not system?))
                                              (password-entry-real-name previous)
                                              real-name))