8833983f26
configuration.nix(1) states users.extraUsers.<name>.createHome [...] If [...] the home directory already exists but is not owned by the user, directory owner and group will be changed to match the user. i.e. ownership would change only if the user mismatched; the code however ignores the owner, it is sufficient to enable `createHome`: if ($u->{createHome}) { make_path($u->{home}, { mode => 0700 }) if ! -e $u->{home}; chown $u->{uid}, $u->{gid}, $u->{home}; } Furthermore, permissions are ignored on already existing directories and therefore may allow others to read private data eventually. Given that createHome already acts as switch to not only create but effectively own the home directory, manage permissions in the same manner to ensure the intended default and cover all primary attributes. Avoid yet another configuration option to have administrators make a clear and simple choice between securely managing home directories and optionally defering management to own code (taking care of custom location, ownership, mode, extended attributes, etc.). While here, simplify and thereby fix misleading documentation. |
||
---|---|---|
.. | ||
release-notes.xml | ||
rl-1310.xml | ||
rl-1404.xml | ||
rl-1412.xml | ||
rl-1509.xml | ||
rl-1603.xml | ||
rl-1609.xml | ||
rl-1703.xml | ||
rl-1709.xml | ||
rl-1803.xml | ||
rl-1809.xml | ||
rl-1903.xml | ||
rl-1909.xml | ||
rl-2003.xml | ||
rl-2009.xml | ||
rl-2103.xml |