Merge pull request #106995 from andir/ml2pr/PATCH-nixos-users-groups-createHome-Ensure-HOME-permissions-fix-description

nixos/users-groups: createHome: Ensure HOME permissions, fix description
This commit is contained in:
Andreas Rammhold 2020-12-17 17:23:46 +01:00 committed by GitHub
commit fa0d499dbf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 11 additions and 5 deletions

View File

@ -431,6 +431,13 @@
been dropped from upstream releases.
</para>
</listitem>
<listitem>
<para>
<xref linkend="opt-users.users._name_.createHome" /> now always ensures home directory permissions to be <literal>0700</literal>.
Permissions had previously been ignored for already existing home directories, possibly leaving them readable by others.
The option's description was incorrect regarding ownership management and has been simplified greatly.
</para>
</listitem>
</itemizedlist>
</section>
</section>

View File

@ -209,10 +209,11 @@ foreach my $u (@{$spec->{users}}) {
}
}
# Create a home directory.
# Ensure home directory incl. ownership and permissions.
if ($u->{createHome}) {
make_path($u->{home}, { mode => 0700 }) if ! -e $u->{home};
chown $u->{uid}, $u->{gid}, $u->{home};
chmod 0700, $u->{home};
}
if (defined $u->{passwordFile}) {

View File

@ -198,10 +198,8 @@ let
type = types.bool;
default = false;
description = ''
If true, the home directory will be created automatically. If this
option is true and the home directory already exists but is not
owned by the user, directory owner and group will be changed to
match the user.
Whether to create the home directory and ensure ownership as well as
permissions to match the user.
'';
};