mirror of
https://git.savannah.gnu.org/git/guix.git
synced 2025-01-19 14:07:01 +01:00
gnu: system: Export %sudoers-specification.
Exporting this variable allows reusing the default value of the `sudoers-file' field when configuring it. * gnu/system.scm (gnu): Export %sudoers-specification. * doc/guix.texi (Invoking guix deploy): Document an example, to use with 'guix deploy'.
This commit is contained in:
parent
ce9fc7e8ab
commit
f6b950319c
2 changed files with 23 additions and 2 deletions
|
@ -26996,8 +26996,28 @@ login over SSH may be forbidden in some cases. To work around this,
|
|||
@command{guix deploy} can log in as an unprivileged user and employ
|
||||
@code{sudo} to escalate privileges. This will only work if @code{sudo} is
|
||||
currently installed on the remote and can be invoked non-interactively as
|
||||
@code{user}. That is: the line in @code{sudoers} granting @code{user} the
|
||||
ability to use @code{sudo} must contain the @code{NOPASSWD} tag.
|
||||
@code{user}. That is, the line in @code{sudoers} granting @code{user} the
|
||||
ability to use @code{sudo} must contain the @code{NOPASSWD} tag. This can
|
||||
be accomplished with the following operating system configuration snippet:
|
||||
|
||||
@lisp
|
||||
(use-modules ...
|
||||
(gnu system) ;for %sudoers-specification))
|
||||
|
||||
(define %user "username")
|
||||
|
||||
(operating-system
|
||||
...
|
||||
(sudoers-file
|
||||
(plain-file "sudoers"
|
||||
(string-append (plain-file-content %sudoers-specification)
|
||||
(format #f "~a ALL = NOPASSWD: ALL~%"
|
||||
%username)))))
|
||||
|
||||
@end lisp
|
||||
|
||||
For more information regarding the format of the @file{sudoers} file,
|
||||
consult @command{man sudoers}.
|
||||
|
||||
@deftp {Data Type} machine
|
||||
This is the data type representing a single machine in a heterogeneous Guix
|
||||
|
|
|
@ -138,6 +138,7 @@ (define-module (gnu system)
|
|||
local-host-aliases
|
||||
%root-account
|
||||
%setuid-programs
|
||||
%sudoers-specification
|
||||
%base-packages
|
||||
%base-firmware))
|
||||
|
||||
|
|
Loading…
Reference in a new issue