Next: Locales, Previous: Mapped Devices, Up: System Configuration [Contents][Index]
User accounts and groups are entirely managed through the
operating-system
declaration. They are specified with the
user-account
and user-group
forms:
(user-account (name "alice") (group "users") (supplementary-groups '("wheel" ;allow use of sudo, etc. "audio" ;sound card "video" ;video devices such as webcams "cdrom")) ;the good ol' CD-ROM (comment "Bob's sister") (home-directory "/home/alice"))
When booting or upon completion of guix system reconfigure
,
the system ensures that only the user accounts and groups specified in
the operating-system
declaration exist, and with the specified
properties. Thus, account or group creations or modifications made by
directly invoking commands such as useradd
are lost upon
reconfiguration or reboot. This ensures that the system remains exactly
as declared.
Objects of this type represent user accounts. The following members may be specified:
name
The name of the user account.
group
This is the name (a string) or identifier (a number) of the user group this account belongs to.
supplementary-groups
(default: '()
)Optionally, this can be defined as a list of group names that this account belongs to.
uid
(default: #f
)This is the user ID for this account (a number), or #f
. In the
latter case, a number is automatically chosen by the system when the
account is created.
comment
(default: ""
)A comment about the account, such as the account’s owner full name.
home-directory
This is the name of the home directory for the account.
shell
(default: Bash)This is a G-expression denoting the file name of a program to be used as the shell (see G-Expressions).
system?
(default: #f
)This Boolean value indicates whether the account is a “system” account. System accounts are sometimes treated specially; for instance, graphical login managers do not list them.
password
(default: #f
)You would normally leave this field to #f
, initialize user
passwords as root
with the passwd
command, and then let
users change it with passwd
. Passwords set with
passwd
are of course preserved across reboot and
reconfiguration.
If you do want to have a preset password for an account, then
this field must contain the encrypted password, as a string.
See crypt in The GNU C Library Reference Manual, for more information
on password encryption, and Encryption in GNU Guile Reference
Manual, for information on Guile’s crypt
procedure.
User group declarations are even simpler:
(user-group (name "students"))
This type is for, well, user groups. There are just a few fields:
name
The group’s name.
id
(default: #f
)The group identifier (a number). If #f
, a new number is
automatically allocated when the group is created.
system?
(default: #f
)This Boolean value indicates whether the group is a “system” group. System groups have low numerical IDs.
password
(default: #f
)What, user groups can have a password? Well, apparently yes. Unless
#f
, this field specifies the group’s password.
For convenience, a variable lists all the basic user groups one may expect:
This is the list of basic user groups that users and/or packages expect to be present on the system. This includes groups such as “root”, “wheel”, and “users”, as well as groups used to control access to specific devices such as “audio”, “disk”, and “cdrom”.
This is the list of basic system accounts that programs may expect to find on a GNU/Linux system, such as the “nobody” account.
Note that the “root” account is not included here. It is a special-case and is automatically added whether or not it is specified.
Next: Locales, Previous: Mapped Devices, Up: System Configuration [Contents][Index]