From eea14360656ac837a3b38eaa364f450fa22de9e0 Mon Sep 17 00:00:00 2001
From: Wojtek Kosior
Date: Thu, 31 Aug 2023 17:40:53 +0200
Subject: Prevent creation of /home/ directories for system users
---
 container.scm | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)
(limited to 'container.scm')
diff --git a/container.scm b/container.scm
index 2896c3f..046a8c1 100644
--- a/container.scm
+++ b/container.scm
@@ -30,7 +30,8 @@
 (use-package-modules web python version-control
- mail)
+ mail
+ admin)
 (use-service-modules web shepherd certbot
@@ -595,12 +596,18 @@ exim_path = /run/setuid-programs/exim
 (group "exim")
 (supplementary-groups '("certsaccess"))
 (uid 106)
- (system? #t))
+ (system? #t)
+ (comment "Exim daemon user")
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin")))
 (user-account
 (name "httpd")
 (group "httpd")
 (supplementary-groups '("gitolite3" "certsaccess"))
- (system? #t))
+ (system? #t)
+ (comment "Apache daemon user")
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin")))
 ;; The gitolite user must also have an id that matches the respective
 ;; host user's one — otherwise the cgit CGI process floods logs with
 ;; an error about being unable to determine permissions of some
@@ -609,7 +616,10 @@ exim_path = /run/setuid-programs/exim
 (name "gitolite3")
 (group "gitolite3")
 (uid 110)
- (system? #t))
+ (system? #t)
+ (comment "Gitolite repositories owner")
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin")))
 (user-account
 (name "urz")
 (group "urz")
--
cgit v1.2.3
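Review bot: The `exim` and `httpd` accounts still leave `create-home-directory?` at its default, so unless it is set to `#f` somewhere outside these lines, activation is still asked to create a home directory for them — the commit only redirects it from `/home/<name>` to `/var/empty`; if the intent stated in the subject is that no directory be created at all, add `(create-home-directory? #f)` next to the new `(home-directory "/var/empty")` field in each account. `/var/empty` is the usual Guix choice for service accounts, but it is now shared by three accounts, so it must stay root-owned and non-writable; it is worth confirming that the activation code does not chown it to whichever `system?` account is processed last (that code is not visible here). Both `user-account` forms begin before the start of this hunk.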
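Review bot: The expression `(file-append shadow "/sbin/nologin")` is now written out three times (here and twice in the previous hunk); binding it once, e.g. `(define %nologin-shell (file-append shadow "/sbin/nologin"))` after the `use-package-modules` form, and writing `(shell %nologin-shell)` in each account keeps the three from drifting apart when one is later edited. The `urz` account whose `name` and `group` lines close this hunk is not touched by the commit; if it is also a `system?` account it still receives the default `/home/urz` and login shell that the commit subject sets out to prevent — if it is an interactive user this does not apply. The `urz` `user-account` form continues past the end of the hunk, so its remaining fields cannot be checked from here.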