3 files changed, 20 insertions, 70 deletions

diff --git a/gnu/system/linux.scm b/gnu/system/linux.scm
index 3a43eb45e3..5440f5852f 100644
--- a/gnu/system/linux.scm
+++ b/gnu/system/linux.scm
@@ -154,11 +154,13 @@ should be the name of a file used as the message-of-the-day."
 
 (define* (base-pam-services #:key allow-empty-passwords?)
   "Return the list of basic PAM services everyone would want."
-  (list %pam-other-services
-        (unix-pam-service "su" #:allow-empty-passwords? allow-empty-passwords?)
-        (unix-pam-service "passwd"
-                          #:allow-empty-passwords? allow-empty-passwords?)
-        (unix-pam-service "sudo"
-                          #:allow-empty-passwords? allow-empty-passwords?)))
+  (cons %pam-other-services
+        (map (cut unix-pam-service <>
+                  #:allow-empty-passwords? allow-empty-passwords?)
+             '("su" "passwd" "sudo"
+               "useradd" "userdel" "usermod"
+               "groupadd" "groupdel" "groupmod"
+               ;; TODO: Add other Shadow programs?
+               ))))
 
 ;;; linux.scm ends here
diff --git a/gnu/system/shadow.scm b/gnu/system/shadow.scm
index 52242ee4e0..8745ddb876 100644
--- a/gnu/system/shadow.scm
+++ b/gnu/system/shadow.scm
@@ -30,9 +30,10 @@
   #:export (user-account
             user-account?
             user-account-name
-            user-account-pass
+            user-account-password
             user-account-uid
-            user-account-gid
+            user-account-group
+            user-account-supplementary-groups
             user-account-comment
             user-account-home-directory
             user-account-shell
@@ -42,11 +43,7 @@
             user-group-name
             user-group-password
             user-group-id
-            user-group-members
-
-            passwd-file
-            group-file
-            guix-build-accounts))
+            user-group-members))
 
 ;;; Commentary:
 ;;;
@@ -58,9 +55,11 @@
   user-account make-user-account
   user-account?
   (name           user-account-name)
-  (password       user-account-pass (default ""))
-  (uid            user-account-uid)
-  (gid            user-account-gid)
+  (password       user-account-password (default #f))
+  (uid            user-account-uid (default #f))
+  (group          user-account-group)             ; number | string
+  (supplementary-groups user-account-supplementary-groups
+                        (default '()))            ; list of strings
   (comment        user-account-comment (default ""))
   (home-directory user-account-home-directory)
   (shell          user-account-shell              ; gexp
@@ -71,47 +70,7 @@
   user-group?
   (name           user-group-name)
   (password       user-group-password (default #f))
-  (id             user-group-id)
+  (id             user-group-id (default #f))
   (members        user-group-members (default '())))
 
-(define (group-file groups)
-  "Return a /etc/group file for GROUPS, a list of <user-group> objects."
-  (define contents
-    (let loop ((groups groups)
-               (result '()))
-      (match groups
-        ((($ <user-group> name _ gid (users ...)) rest ...)
-         ;; XXX: Ignore the group password.
-         (loop rest
-               (cons (string-append name "::" (number->string gid)
-                                    ":" (string-join users ","))
-                     result)))
-        (()
-         (string-join (reverse result) "\n" 'suffix)))))
-
-  (text-file "group" contents))
-
-(define* (passwd-file accounts #:key shadow?)
-  "Return a password file for ACCOUNTS, a list of <user-account> objects.  If
-SHADOW? is true, then it is a /etc/shadow file, otherwise it is a /etc/passwd
-file."
-  ;; XXX: The resulting file is world-readable, so beware when SHADOW? is #t!
-  (define account-exp
-    (match-lambda
-     (($ <user-account> name pass uid gid comment home-dir shell)
-      (if shadow?                                 ; XXX: use (crypt PASS …)?
-          #~(format #t "~a::::::::~%" #$name)
-          #~(format #t "~a:x:~a:~a:~a:~a:~a~%"
-                    #$name #$(number->string uid) #$(number->string gid)
-                    #$comment #$home-dir #$shell)))))
-
-  (define builder
-    #~(begin
-        (with-output-to-file #$output
-          (lambda ()
-            #$@(map account-exp accounts)
-            #t))))
-
-  (gexp->derivation (if shadow? "shadow" "passwd") builder))
-
 ;;; shadow.scm ends here
diff --git a/gnu/system/vm.scm b/gnu/system/vm.scm
index 2520853205..ede7ea7726 100644
--- a/gnu/system/vm.scm
+++ b/gnu/system/vm.scm
@@ -267,16 +267,6 @@ such as /etc files."
 (define (operating-system-default-contents os)
   "Return a list of directives suitable for 'system-qemu-image' describing the
 basic contents of the root file system of OS."
-  (define (user-directories user)
-    (let ((home (user-account-home-directory user))
-          ;; XXX: Deal with automatically allocated ids.
-          (uid  (or (user-account-uid user) 0))
-          (gid  (or (user-account-gid user) 0))
-          (root (string-append "/var/guix/profiles/per-user/"
-                               (user-account-name user))))
-      #~((directory #$root #$uid #$gid)
-         (directory #$home #$uid #$gid))))
-
   (mlet* %store-monad ((os-drv    (operating-system-derivation os))
                        (build-gid (operating-system-build-gid os))
                        (profile   (operating-system-profile os)))
@@ -293,9 +283,8 @@ basic contents of the root file system of OS."
                (directory "/tmp")
                (directory "/var/guix/profiles/per-user/root" 0 0)
 
-               (directory "/root" 0 0)             ; an exception
-               #$@(append-map user-directories
-                              (operating-system-users os))))))
+               (directory "/root" 0 0)            ; an exception
+               (directory "/home" 0 0)))))
 
 (define* (system-qemu-image os
                             #:key