Fixes <https://issues.guix.gnu.org/52539>.
Reported by Jacob First <jacob.first@member.fsf.org>.
* gnu/build/accounts.scm (allocate-passwd): Add comment as to why
'real-name' is taken from PREVIOUS. Add (not system?) to the
condition.
* gnu/system.scm (operating-system-etc-service) <login.defs>: Add
"CHFN_RESTRICT".
* gnu/system.scm (%setuid-programs): Add "chfn".
* gnu/system/pam.scm (base-pam-services): Add "chfn".
* doc/guix.texi (User Accounts): Document it.
When adding multiple instances of a service requiring some user
account/group, we could end up with multiple entries for that account or
group in /etc/passwd or /etc/group.
* gnu/build/accounts.scm (database-writer)[write-entries]: Add call to
'delete-duplicates'.
* tests/accounts.scm ("write-passwd with duplicate entry"): New test.
Suggested by Florian Pelz <pelzflorian@pelzflorian.de>
in <http://bugs.gnu.org/35996>.
* gnu/build/accounts.scm (%password-lock-file): New variable.
* gnu/build/activation.scm (activate-users+groups): Wrap calls to
'user+group-databases', 'write-group', etc. into 'with-file-lock'.
Starting from commit 0ae735bcc8ff7fdc89d67b492bdee9091ee19e86, Guix
System would preserve the user shell across reconfigure and reboot.
This was done so as to allow for the use of 'chsh'.
This proved to be a misguided decision. This commit goes back to
considering user shells as config and not "state."
* gnu/build/accounts.scm (allocate-passwd): Do not use shell from
PREVIOUS.