Merge pull request #106995 from andir/ml2pr/PATCH-nixos-users-groups-createHome-Ensure-HOME-permissions-fix-description

nixos/users-groups: createHome: Ensure HOME permissions, fix description

authored by Andreas Rammhold and committed by GitHub fa0d499d f01f3173

+11 -5
+7
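--- a/nixos/doc/manual/release-notes/rl-2103.xml
+++ b/nixos/doc/manual/release-notes/rl-2103.xml
@@ -431,6 +431,13 @@
 been dropped from upstream releases.
 </para>
 </listitem>
+<listitem>
+<para>
+<xref linkend="opt-users.users._name_.createHome" /> now always ensures home directory permissions to be <literal>0700</literal>.
+Permissions had previously been ignored for already existing home directories, possibly leaving them readable by others.
+The option's description was incorrect regarding ownership management and has been simplified greatly.
+</para>
+</listitem>
 </itemizedlist>
 </section>
 </section>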
+2 -1
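--- a/nixos/modules/config/update-users-groups.pl
+++ b/nixos/modules/config/update-users-groups.pl
@@ -209,10 +209,11 @@
 }
 }
 
-# Create a home directory.
+# Ensure home directory incl. ownership and permissions.
 if ($u->{createHome}) {
 make_path($u->{home}, { mode => 0700 }) if ! -e $u->{home};
 chown $u->{uid}, $u->{gid}, $u->{home};
+chmod 0700, $u->{home};
 }
 
 if (defined $u->{passwordFile}) {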
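Review bot: The return values of `chown` and of the added `chmod 0700, $u->{home};` are discarded, so a failure leaves the directory with its old mode and nothing is reported, which does not match the release note's "always ensures". I would check both calls, for example `chmod 0700, $u->{home} or warn "failed to chmod $u->{home}: $!\n";`. Both calls also follow symlinks, and `-e` is true for a non-directory, so if the path already exists as a symlink or a plain file, the ownership and mode change lands on something that is not a home directory. A guard such as `-d $u->{home} && !-l $u->{home}` before the two calls would limit them to a real directory. The enclosing block starts and ends outside the hunk.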
+2 -4
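--- a/nixos/modules/config/users-groups.nix
+++ b/nixos/modules/config/users-groups.nix
@@ -198,10 +198,8 @@
 type = types.bool;
 default = false;
 description = ''
-If true, the home directory will be created automatically. If this
-option is true and the home directory already exists but is not
-owned by the user, directory owner and group will be changed to
-match the user.
+Whether to create the home directory and ensure ownership as well as
+permissions to match the user.
 '';
 };
 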