Merge pull request #106995 from andir/ml2pr/PATCH-nixos-users-groups-createHome-Ensure-HOME-permissions-fix-description
nixos/users-groups: createHome: Ensure HOME permissions, fix description
This commit is contained in:
commit
fa0d499dbf
@ -431,6 +431,13 @@
|
||||
been dropped from upstream releases.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<xref linkend="opt-users.users._name_.createHome" /> now always ensures home directory permissions to be <literal>0700</literal>.
|
||||
Permissions had previously been ignored for already existing home directories, possibly leaving them readable by others.
|
||||
The option's description was incorrect regarding ownership management and has been simplified greatly.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
</section>
|
||||
|
@ -209,10 +209,11 @@ foreach my $u (@{$spec->{users}}) {
|
||||
}
|
||||
}
|
||||
|
||||
# Create a home directory.
|
||||
# Ensure home directory incl. ownership and permissions.
|
||||
if ($u->{createHome}) {
|
||||
make_path($u->{home}, { mode => 0700 }) if ! -e $u->{home};
|
||||
chown $u->{uid}, $u->{gid}, $u->{home};
|
||||
chmod 0700, $u->{home};
|
||||
}
|
||||
|
||||
if (defined $u->{passwordFile}) {
|
||||
|
@ -198,10 +198,8 @@ let
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
If true, the home directory will be created automatically. If this
|
||||
option is true and the home directory already exists but is not
|
||||
owned by the user, directory owner and group will be changed to
|
||||
match the user.
|
||||
Whether to create the home directory and ensure ownership as well as
|
||||
permissions to match the user.
|
||||
'';
|
||||
};
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user