author | Shea Levy <shea@shealevy.com> | 2014-02-07 09:57:28 -0500 |
---|---|---|
committer | Shea Levy <shea@shealevy.com> | 2014-02-07 09:57:28 -0500 |
commit | e058de164252314ff6deab948e4ec9a5db0986f5 (patch) | |
tree | 488fd7366812ad26392af0e135aea03bcd219b75 /nixos | |
parent | 5b243ad01550aaa452ed42d08ee66aa682c07937 (diff) | |
Add option to enforce uniqueness of uids/gids (on by default)
Signed-off-by: Shea Levy <shea@shealevy.com>
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/config/users-groups.nix | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix
index 20ec1bda2810..f70e8c292c41 100644
--- a/nixos/modules/config/users-groups.nix
+++ b/nixos/modules/config/users-groups.nix
@@ -252,6 +252,17 @@ let
 mv -f $1.tmp $1
 '';
+ idsAreUnique = set: idAttr: !(fold (name: args@{ dup, acc }:
+ let
+ id = builtins.toString (builtins.getAttr idAttr (builtins.getAttr name set));
+ exists = builtins.hasAttr id acc;
+ newAcc = acc // (builtins.listToAttrs [ { name = id; value = true; } ]);
+ in if dup then args else if exists
+ then builtins.trace "Duplicate ${idAttr} ${id}" { dup = true; acc = null; }
+ else { dup = false; acc = newAcc; }
+ ) { dup = false; acc = {}; } (builtins.attrNames set)).dup;
+ uidsAreUnique = idsAreUnique cfg.extraUsers "uid";
+ gidsAreUnique = idsAreUnique cfg.extraGroups "gid";
 in
 {
@@ -282,6 +293,14 @@ in
 '';
 };
+ users.enforceIdUniqueness = mkOption {
+ type = types.bool;
+ default = true;
+ description = ''
+ Whether to require that no two users/groups share the same uid/gid.
+ '';
+ };
+
 users.extraUsers = mkOption {
 default = {};
 type = types.loaOf types.optionSet;
@@ -432,6 +451,8 @@ in
 # for backwards compatibility
 system.activationScripts.groups = stringAfter [ "users" ] "";
+ assertions = [ { assertion = !cfg.enforceIdUniqueness || (uidsAreUnique && gidsAreUnique); message = "uids and gids must be unique!"; } ];
+
 };
 } |
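Review bot: The duplicate report in `idsAreUnique` prints only the numeric id, so whoever hits the failure cannot tell which two accounts collide. That matters most for a shared uid 0, where the second account is effectively another root. The accumulator stores `true` as its value, so recording the attribute name instead costs nothing: `newAcc = acc // (builtins.listToAttrs [ { name = id; value = name; } ]);` and `then builtins.trace "Duplicate ${idAttr} ${id}: ${builtins.getAttr id acc} and ${name}" { dup = true; acc = null; }`. The fold also stops at the first duplicate, so later collisions stay hidden until the first is fixed; a short comment above the binding saying so would help. The enclosing `let` block starts outside the hunk.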
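Review bot: The `description` of `users.enforceIdUniqueness` does not say what is given up when the option is set to `false`. Accounts that share a uid are a single principal to the kernel for file ownership, signals and process credentials, so the choice is security-relevant and the text should say so. I would extend it along the lines of `Whether to require that no two users share a uid and no two groups share a gid. Accounts sharing an id are indistinguishable for permission checks; disable only if that aliasing is intended.` The check reads `cfg.extraUsers` and `cfg.extraGroups`, so presumably it covers only declaratively configured accounts; if so, that limit is worth one more sentence.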
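Review bot: With `users.enforceIdUniqueness = false` the `||` in the assertion short-circuits, so `uidsAreUnique` and `gidsAreUnique` are never forced and the `builtins.trace` in `idsAreUnique` never fires. Disabling enforcement therefore also silences every diagnostic about shared ids. If the intent is "allow but still tell me", the result could feed the module system's `warnings` list when enforcement is off. The message is also vague: uids and gids are checked separately and it does not mention the option, so something like `message = "users.extraUsers uids and users.extraGroups gids must each be unique (see the trace output for the duplicate id); controlled by users.enforceIdUniqueness.";` would be more actionable.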