author | Wojtek Kosior <koszko@koszko.org> | 2023-08-31 17:40:53 +0200 |
---|---|---|
committer | Wojtek Kosior <koszko@koszko.org> | 2023-08-31 21:19:58 +0200 |
commit | eea14360656ac837a3b38eaa364f450fa22de9e0 (patch) | |
tree | 5f423344f9bc2aba831aabadd983a4740a975d43 | |
parent | b3b484389fdd2ea50bc673a2289d6d8ef037b483 (diff) | |
Prevent creation of /home/<name> directories for system users
-rw-r--r-- | container.scm | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/container.scm b/container.scm
index 2896c3f..046a8c1 100644
--- a/container.scm
+++ b/container.scm
@@ -30,7 +30,8 @@
 (use-package-modules web
 python
 version-control
- mail)
+ mail
+ admin)
 (use-service-modules web
 shepherd
 certbot
@@ -595,12 +596,18 @@ exim_path = /run/setuid-programs/exim
 (group "exim")
 (supplementary-groups '("certsaccess"))
 (uid 106)
- (system? #t))
+ (system? #t)
+ (comment "Exim daemon user")
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin")))
 (user-account
 (name "httpd")
 (group "httpd")
 (supplementary-groups '("gitolite3" "certsaccess"))
- (system? #t))
+ (system? #t)
+ (comment "Apache daemon user")
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin")))
 ;; The gitolite user must also have an id that matches the respective
 ;; host user's one — otherwise the cgit CGI process floods logs with
 ;; an error about being unable to determine permissions of some
@@ -609,7 +616,10 @@ exim_path = /run/setuid-programs/exim
 (name "gitolite3")
 (group "gitolite3")
 (uid 110)
- (system? #t))
+ (system? #t)
+ (comment "Gitolite repositories owner")
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin")))
 (user-account
 (name "urz")
 (group "urz") |
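Review bot: None of the three records that gain `(home-directory "/var/empty")` (exim and httpd in this hunk, gitolite3 in the next one) also sets `(create-home-directory? #f)`, so the change depends on /var/empty already existing when the accounts are activated. If it were missing at that point, activation would presumably create it and give ownership to one of these service users, leaving that service with a writable directory that is also the home of the other two; this is worth confirming for the container. Adding `(create-home-directory? #f)` to each record states the intent of the commit title directly and removes that dependency. The exim record starts above the hunk.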
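Review bot: The gitolite3 record gets the same nologin shell and /var/empty home as the daemon accounts, but the comment above it only explains why the uid must match the host user; it does not say that nothing in the container logs in as, or runs gitolite under, this account. If that is the case, the comment should say so, for example `;; Ownership-only account: nothing here logs in as gitolite3, so it needs no shell or home.`. If it is not the case, any SSH-driven use of this account would stop working with this shell and home, so the assumption deserves a check before deployment. The record starts above the hunk.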