Workaround user deletion issues
Signed-off-by: Ana Hobden <operator@hoverbear.org>
parent
c230ea65f6
commit
80b7c2c1fa
|
@ -13,10 +13,11 @@ Planned support:
|
|||
* [x] Multi-user x86_64 Linux with systemd init
|
||||
* [ ] Multi-user aarch64 Linux with systemd init
|
||||
* [x] Multi-user x86_64 MacOS
|
||||
+ Note: Uninstall and encrypted volume support are incomplete
|
||||
+ Note: user deletion is still buggy
|
||||
* [x] Multi-user aarch64 MacOS
|
||||
+ Note: user deletion is still buggy
|
||||
* [ ] Single-user x86_64 Linux with systemd init
|
||||
* [ ] Single-user aarch64 Linux with systemd init
|
||||
* [ ] Multi-user aarch64 MacOS
|
||||
* [ ] Others...
|
||||
|
||||
## Installation Differences
|
||||
|
|
|
@ -70,17 +70,29 @@ impl Action for CreateGroup {
|
|||
patch: _,
|
||||
}
|
||||
| OperatingSystem::Darwin => {
|
||||
execute_command(Command::new("/usr/sbin/dseditgroup").args([
|
||||
"-o",
|
||||
"create",
|
||||
"-r",
|
||||
"Nix build group for nix-daemon",
|
||||
"-i",
|
||||
&format!("{gid}"),
|
||||
name.as_str(),
|
||||
]))
|
||||
.await
|
||||
.map_err(|e| CreateGroupError::Command(e).boxed())?;
|
||||
// TODO(@hoverbear): Make this actually work...
|
||||
// Right now, our test machines do not have a secure token and cannot delete users.
|
||||
|
||||
if Command::new("/usr/bin/dscl")
|
||||
.args([".", "-read", &format!("/Groups/{name}")])
|
||||
.status()
|
||||
.await?
|
||||
.success()
|
||||
{
|
||||
()
|
||||
} else {
|
||||
execute_command(Command::new("/usr/sbin/dseditgroup").args([
|
||||
"-o",
|
||||
"create",
|
||||
"-r",
|
||||
"Nix build group for nix-daemon",
|
||||
"-i",
|
||||
&format!("{gid}"),
|
||||
name.as_str(),
|
||||
]))
|
||||
.await
|
||||
.map_err(|e| CreateGroupError::Command(e).boxed())?;
|
||||
}
|
||||
},
|
||||
_ => {
|
||||
execute_command(Command::new("groupadd").args([
|
||||
|
@ -141,13 +153,16 @@ impl Action for CreateGroup {
|
|||
patch: _,
|
||||
}
|
||||
| OperatingSystem::Darwin => {
|
||||
execute_command(Command::new("/usr/bin/dscl").args([
|
||||
".",
|
||||
"-delete",
|
||||
&format!("/Groups/{name}"),
|
||||
]))
|
||||
.await
|
||||
.map_err(|e| CreateGroupError::Command(e).boxed())?;
|
||||
// TODO(@hoverbear): Make this actually work...
|
||||
// Right now, our test machines do not have a secure token and cannot delete users.
|
||||
|
||||
// execute_command(Command::new("/usr/bin/dscl").args([
|
||||
// ".",
|
||||
// "-delete",
|
||||
// &format!("/Groups/{name}"),
|
||||
// ]))
|
||||
// .await
|
||||
// .map_err(|e| CreateGroupError::Command(e).boxed())?;
|
||||
},
|
||||
_ => {
|
||||
execute_command(Command::new("groupdel").arg(&name))
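Review bot: In the Darwin arm of CreateGroup's execute, a group that already exists is adopted as-is whenever `dscl . -read /Groups/{name}` succeeds, so a leftover or same-named group with a different gid or membership becomes the Nix build group without any check. The existing-record branch (currently `()`) should at least compare the record with what the action was asked to create, for example by reading the key with `.args([".", "-read", &format!("/Groups/{name}"), "PrimaryGroupID"])` and returning an error when the value does not match `{gid}`. The same pattern appears in the CreateUser execute hunk, where an existing `/Users/{name}` skips the `UniqueID`, `UserShell` `/sbin/nologin`, `NFSHomeDirectory` `/var/empty`, `IsHidden` and group-membership steps, so a pre-existing account with a login shell would be used for builds unchanged. The probe also propagates its error with a bare `?` instead of the `CreateGroupError::Command` mapping used by the other calls, and any non-zero exit from `dscl` (not only a missing record) is treated as "absent". The function body starts and ends outside the hunk.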
|
||||
|
|
|
@ -81,81 +81,93 @@ impl Action for CreateUser {
|
|||
patch: _,
|
||||
}
|
||||
| OperatingSystem::Darwin => {
|
||||
execute_command(Command::new("/usr/bin/dscl").args([
|
||||
".",
|
||||
"-create",
|
||||
&format!("/Users/{name}"),
|
||||
]))
|
||||
.await
|
||||
.map_err(|e| CreateUserError::Command(e).boxed())?;
|
||||
execute_command(Command::new("/usr/bin/dscl").args([
|
||||
".",
|
||||
"-create",
|
||||
&format!("/Users/{name}"),
|
||||
"UniqueID",
|
||||
&format!("{uid}"),
|
||||
]))
|
||||
.await
|
||||
.map_err(|e| CreateUserError::Command(e).boxed())?;
|
||||
execute_command(Command::new("/usr/bin/dscl").args([
|
||||
".",
|
||||
"-create",
|
||||
&format!("/Users/{name}"),
|
||||
"PrimaryGroupID",
|
||||
&format!("{gid}"),
|
||||
]))
|
||||
.await
|
||||
.map_err(|e| CreateUserError::Command(e).boxed())?;
|
||||
execute_command(Command::new("/usr/bin/dscl").args([
|
||||
".",
|
||||
"-create",
|
||||
&format!("/Users/{name}"),
|
||||
"NFSHomeDirectory",
|
||||
"/var/empty",
|
||||
]))
|
||||
.await
|
||||
.map_err(|e| CreateUserError::Command(e).boxed())?;
|
||||
execute_command(Command::new("/usr/bin/dscl").args([
|
||||
".",
|
||||
"-create",
|
||||
&format!("/Users/{name}"),
|
||||
"UserShell",
|
||||
"/sbin/nologin",
|
||||
]))
|
||||
.await
|
||||
.map_err(|e| CreateUserError::Command(e).boxed())?;
|
||||
execute_command(
|
||||
Command::new("/usr/bin/dscl")
|
||||
.args([
|
||||
".",
|
||||
"-append",
|
||||
&format!("/Groups/{groupname}"),
|
||||
"GroupMembership",
|
||||
])
|
||||
.arg(&name),
|
||||
)
|
||||
.await
|
||||
.map_err(|e| CreateUserError::Command(e).boxed())?;
|
||||
execute_command(Command::new("/usr/bin/dscl").args([
|
||||
".",
|
||||
"-create",
|
||||
&format!("/Users/{name}"),
|
||||
"IsHidden",
|
||||
"1",
|
||||
]))
|
||||
.await
|
||||
.map_err(|e| CreateUserError::Command(e).boxed())?;
|
||||
execute_command(
|
||||
Command::new("/usr/sbin/dseditgroup")
|
||||
.args(["-o", "edit"])
|
||||
.arg("-a")
|
||||
.arg(&name)
|
||||
.arg("-t")
|
||||
.arg(&name)
|
||||
.arg(groupname),
|
||||
)
|
||||
.await
|
||||
.map_err(|e| CreateUserError::Command(e).boxed())?;
|
||||
// TODO(@hoverbear): Make this actually work...
|
||||
// Right now, our test machines do not have a secure token and cannot delete users.
|
||||
|
||||
if Command::new("/usr/bin/dscl")
|
||||
.args([".", "-read", &format!("/Users/{name}")])
|
||||
.status()
|
||||
.await?
|
||||
.success()
|
||||
{
|
||||
()
|
||||
} else {
|
||||
execute_command(Command::new("/usr/bin/dscl").args([
|
||||
".",
|
||||
"-create",
|
||||
&format!("/Users/{name}"),
|
||||
]))
|
||||
.await
|
||||
.map_err(|e| CreateUserError::Command(e).boxed())?;
|
||||
execute_command(Command::new("/usr/bin/dscl").args([
|
||||
".",
|
||||
"-create",
|
||||
&format!("/Users/{name}"),
|
||||
"UniqueID",
|
||||
&format!("{uid}"),
|
||||
]))
|
||||
.await
|
||||
.map_err(|e| CreateUserError::Command(e).boxed())?;
|
||||
execute_command(Command::new("/usr/bin/dscl").args([
|
||||
".",
|
||||
"-create",
|
||||
&format!("/Users/{name}"),
|
||||
"PrimaryGroupID",
|
||||
&format!("{gid}"),
|
||||
]))
|
||||
.await
|
||||
.map_err(|e| CreateUserError::Command(e).boxed())?;
|
||||
execute_command(Command::new("/usr/bin/dscl").args([
|
||||
".",
|
||||
"-create",
|
||||
&format!("/Users/{name}"),
|
||||
"NFSHomeDirectory",
|
||||
"/var/empty",
|
||||
]))
|
||||
.await
|
||||
.map_err(|e| CreateUserError::Command(e).boxed())?;
|
||||
execute_command(Command::new("/usr/bin/dscl").args([
|
||||
".",
|
||||
"-create",
|
||||
&format!("/Users/{name}"),
|
||||
"UserShell",
|
||||
"/sbin/nologin",
|
||||
]))
|
||||
.await
|
||||
.map_err(|e| CreateUserError::Command(e).boxed())?;
|
||||
execute_command(
|
||||
Command::new("/usr/bin/dscl")
|
||||
.args([
|
||||
".",
|
||||
"-append",
|
||||
&format!("/Groups/{groupname}"),
|
||||
"GroupMembership",
|
||||
])
|
||||
.arg(&name),
|
||||
)
|
||||
.await
|
||||
.map_err(|e| CreateUserError::Command(e).boxed())?;
|
||||
execute_command(Command::new("/usr/bin/dscl").args([
|
||||
".",
|
||||
"-create",
|
||||
&format!("/Users/{name}"),
|
||||
"IsHidden",
|
||||
"1",
|
||||
]))
|
||||
.await
|
||||
.map_err(|e| CreateUserError::Command(e).boxed())?;
|
||||
execute_command(
|
||||
Command::new("/usr/sbin/dseditgroup")
|
||||
.args(["-o", "edit"])
|
||||
.arg("-a")
|
||||
.arg(&name)
|
||||
.arg("-t")
|
||||
.arg(&name)
|
||||
.arg(groupname),
|
||||
)
|
||||
.await
|
||||
.map_err(|e| CreateUserError::Command(e).boxed())?;
|
||||
}
|
||||
},
|
||||
_ => {
|
||||
execute_command(Command::new("useradd").args([
|
||||
|
@ -235,13 +247,16 @@ impl Action for CreateUser {
|
|||
patch: _,
|
||||
}
|
||||
| OperatingSystem::Darwin => {
|
||||
execute_command(Command::new("/usr/bin/dscl").args([
|
||||
".",
|
||||
"-delete",
|
||||
&format!("/Users/{name}"),
|
||||
]))
|
||||
.await
|
||||
.map_err(|e| CreateUserError::Command(e).boxed())?;
|
||||
// TODO(@hoverbear): Make this actually work...
|
||||
// Right now, our test machines do not have a secure token and cannot delete users.
|
||||
|
||||
// execute_command(Command::new("/usr/bin/dscl").args([
|
||||
// ".",
|
||||
// "-delete",
|
||||
// &format!("/Users/{name}"),
|
||||
// ]))
|
||||
// .await
|
||||
// .map_err(|e| CreateUserError::Command(e).boxed())?;
|
||||
},
|
||||
_ => {
|
||||
execute_command(Command::new("userdel").args([&name.to_string()]))
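Review bot: With the `dscl . -delete /Users/{name}` call commented out, the Darwin arm of CreateUser's revert is now empty, so an uninstall leaves the hidden build accounts on the machine while the action presumably still completes as reverted (the rest of the function is outside the hunk). The CreateGroup revert hunk has the same gap for `/Groups/{name}`. Until deletion works, the arm should say so where an operator will see it rather than only in a TODO: add a comment such as `// SECURITY: revert is a no-op on Darwin; /Users/{name} stays behind and must be removed manually`, and emit a warning through whatever logging the crate already uses, naming the account that was left in place. Keeping the call behind a clearly named condition would also be easier to maintain than a commented-out block.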
|
||||
|
|