Make fcron work for any unprivileged user
parent
91cceea649
commit
d603484180
|
@ -8,6 +8,8 @@
|
|||
, libDir ? "${stateDir}/lib"
|
||||
, tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
|
||||
, forceDisableUserChange ? false
|
||||
, callingUser ? null
|
||||
, callingGroup ? null
|
||||
, processManager
|
||||
}:
|
||||
|
||||
|
@ -15,7 +17,7 @@ let
|
|||
ids = if builtins.pathExists ./ids.nix then (import ./ids.nix).ids else {};
|
||||
|
||||
constructors = import ../../services-agnostic/constructors.nix {
|
||||
inherit pkgs stateDir runtimeDir logDir tmpDir cacheDir spoolDir libDir forceDisableUserChange processManager ids;
|
||||
inherit pkgs stateDir runtimeDir logDir tmpDir cacheDir spoolDir libDir forceDisableUserChange callingUser callingGroup processManager ids;
|
||||
};
|
||||
in
|
||||
rec {
|
||||
|
|
|
@ -8,6 +8,8 @@
|
|||
, libDir
|
||||
, tmpDir
|
||||
, forceDisableUserChange
|
||||
, callingUser ? null
|
||||
, callingGroup ? null
|
||||
, processManager
|
||||
, ids ? {}
|
||||
}:
|
||||
|
@ -68,12 +70,12 @@ in
|
|||
};
|
||||
|
||||
fcron = import ./fcron {
|
||||
inherit createManagedProcess stateDir spoolDir runtimeDir tmpDir forceDisableUserChange;
|
||||
inherit createManagedProcess stateDir spoolDir runtimeDir tmpDir forceDisableUserChange callingUser callingGroup;
|
||||
inherit (pkgs) lib writeTextFile fcron;
|
||||
};
|
||||
|
||||
declarativeFcron = import ./fcron/declarative.nix {
|
||||
inherit createManagedProcess stateDir spoolDir runtimeDir tmpDir forceDisableUserChange;
|
||||
inherit createManagedProcess stateDir spoolDir runtimeDir tmpDir forceDisableUserChange callingUser callingGroup;
|
||||
inherit (pkgs) lib writeTextFile fcron utillinux;
|
||||
};
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{createManagedProcess, writeTextFile, lib, fcron, utillinux, stateDir, runtimeDir, tmpDir, spoolDir, forceDisableUserChange}:
|
||||
{createManagedProcess, writeTextFile, lib, fcron, utillinux, stateDir, runtimeDir, tmpDir, spoolDir, forceDisableUserChange, callingUser, callingGroup}:
|
||||
|
||||
{ instanceSuffix ? ""
|
||||
, instanceName ? "fcron${instanceSuffix}"
|
||||
|
@ -11,7 +11,7 @@ let
|
|||
fcronEtcDir = "${stateDir}/etc/${instanceName}";
|
||||
in
|
||||
import ./default.nix {
|
||||
inherit createManagedProcess writeTextFile lib fcron stateDir runtimeDir tmpDir spoolDir forceDisableUserChange;
|
||||
inherit createManagedProcess writeTextFile lib fcron stateDir runtimeDir tmpDir spoolDir forceDisableUserChange callingUser callingGroup;
|
||||
} {
|
||||
inherit instanceSuffix instanceName;
|
||||
|
||||
|
@ -26,8 +26,6 @@ import ./default.nix {
|
|||
in
|
||||
''
|
||||
cp ${fcrontabFile} ${fcronSpoolDir}/${user}.orig
|
||||
''
|
||||
+ ''
|
||||
${lib.optionalString (!forceDisableUserChange) "${utillinux}/bin/runuser -u root -g ${instanceName} --"} fcrontab -c ${fcronEtcDir}/fcron.conf -u systab -z
|
||||
''
|
||||
) (builtins.attrNames fcrontabPerUser)
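Review bot: `utillinux` remains in this function's argument list, yet its only visible use, the `runuser` wrapper around `fcrontab ... -z`, is deleted in the last hunk. If nothing outside the shown hunks references it, drop it from the signature and from the `inherit (pkgs) lib writeTextFile fcron utillinux;` line in the `declarativeFcron` call, so the expression does not carry an unused dependency. With the `-z` step gone, the table is only copied to `${fcronSpoolDir}/${user}.orig`; a one-line comment beside the `cp` stating what installs it from there would help the next reader, since that is not visible in this hunk. The enclosing expression starts and ends outside the hunk.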
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{createManagedProcess, writeTextFile, lib, fcron, stateDir, runtimeDir, tmpDir, spoolDir, forceDisableUserChange}:
|
||||
{createManagedProcess, writeTextFile, lib, fcron, stateDir, runtimeDir, tmpDir, spoolDir, forceDisableUserChange, callingUser, callingGroup}:
|
||||
{instanceSuffix ? "", instanceName ? "fcron${instanceSuffix}", initialize ? ""}:
|
||||
|
||||
let
|
||||
|
@ -26,7 +26,7 @@ let
|
|||
fcronPkg =
|
||||
if forceDisableUserChange then fcron.overrideAttrs (originalAttrs:
|
||||
originalAttrs // {
|
||||
configureFlags = originalAttrs.configureFlags ++ [ "--with-run-non-privileged" "--with-rootname=unprivileged" "--with-rootgroup=users" "--with-username=unprivileged" "--with-groupname=users" ];
|
||||
configureFlags = originalAttrs.configureFlags ++ [ "--with-run-non-privileged" "--with-rootname=${callingUser}" "--with-rootgroup=${callingGroup}" "--with-username=${callingUser}" "--with-groupname=${callingGroup}" ];
|
||||
}
|
||||
)
|
||||
else if user != "fcron" || group != "fcron" then fcron.overrideAttrs (originalAttrs:
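Review bot: The new `"--with-rootname=${callingUser}"` and `"--with-rootgroup=${callingGroup}"` flags interpolate values that every caller shown in this commit defaults to `null`. Nix cannot coerce `null` to a string, so setting `forceDisableUserChange = true` without both arguments aborts evaluation with a coercion error that does not name the missing parameter. These flags decide which account the rebuilt fcron treats as its administrative user, so an explicit failure is preferable to a silent fallback: add `assert forceDisableUserChange -> (callingUser != null && callingGroup != null);` ahead of the `let`. The `fcronPkg` expression continues past the end of this hunk.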
|
||||
|
|
|
@ -8,12 +8,14 @@
|
|||
, libDir ? "${stateDir}/lib"
|
||||
, tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
|
||||
, forceDisableUserChange ? false
|
||||
, callingUser ? null
|
||||
, callingGroup ? null
|
||||
, processManager
|
||||
}:
|
||||
|
||||
let
|
||||
constructors = import ../../services-agnostic/constructors.nix {
|
||||
inherit pkgs stateDir runtimeDir logDir tmpDir cacheDir libDir spoolDir forceDisableUserChange processManager;
|
||||
inherit pkgs stateDir runtimeDir logDir tmpDir cacheDir libDir spoolDir forceDisableUserChange callingUser callingGroup processManager;
|
||||
};
|
||||
in
|
||||
rec {
|
||||
|
|