From 9a4639ebfa3889de756ed92b736f32bf1f267c51 Mon Sep 17 00:00:00 2001 From: EuAndreh Date: Thu, 16 Mar 2023 11:11:02 -0300 Subject: queue.scm: Add proper docstring to shadow-group-service-type --- src/org/euandre/queue.scm | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) (limited to 'src/org/euandre') diff --git a/src/org/euandre/queue.scm b/src/org/euandre/queue.scm index 2485b97..ab2a482 100644 --- a/src/org/euandre/queue.scm +++ b/src/org/euandre/queue.scm @@ -270,6 +270,8 @@ definite Sendmail-ish flavor, but the inside is completely different.") ((#:configure-flags flags) #~(append '("CFLAGS=-DPATH_SENDMAIL=\\\"/run/setuid-programs/sendmail\\\"") #$flags)))))) + + (define-public python-pytest-tornado5 (package (name "python-pytest-tornado5") @@ -463,7 +465,18 @@ collections.OrderedDict that works in Python 2.4-2.6.") (service-extension account-service-type shadow-group-accounts))) (default-value (shadow-group-configuration)) - (description "FIXME:DOCUMENTATION"))) + (description "Provide the infrastructure to allow access to the +@file{/etc/shadow} file without requiring superuser privileges, by: + +@itemize +@item adding a dedicated group to the system (default: @code{etc-shadow}); +@item granting said group @emph{read-only access} to the @file{/etc/shadow} +file. +@end itemize + +The goal is to allow unprivileged processes to perform password authentication +against the @file{/etc/passwd} database, by adding the @code{etc-shadow} group +to the list of supplementary groups of the user of such running process."))) (define-record-type* -- cgit v1.2.3