authorAndreas Rammhold <andreas@rammhold.de>2020-12-17 17:23:46 +0100
committerGitHub <noreply@github.com>2020-12-17 17:23:46 +0100
commitfa0d499dbfa56be0b57b5d822702c624bb434dc1 (patch)
tree53aa03ecc0da8e01ba85476573345b090d79d481
parentf01f31737120252d8d0608840d3911c2e0f7e4c3 (diff)
parent8833983f261c6afa0361465f31c4dbc39c45b386 (diff)
Merge pull request #106995 from andir/ml2pr/PATCH-nixos-users-groups-createHome-Ensure-HOME-permissions-fix-description
nixos/users-groups: createHome: Ensure HOME permissions, fix description
-rw-r--r--nixos/doc/manual/release-notes/rl-2103.xml7
-rw-r--r--nixos/modules/config/update-users-groups.pl3
-rw-r--r--nixos/modules/config/users-groups.nix6
3 files changed, 11 insertions, 5 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2103.xml b/nixos/doc/manual/release-notes/rl-2103.xml
index 2b0144a69c22..7c6356770a5f 100644
--- a/nixos/doc/manual/release-notes/rl-2103.xml
+++ b/nixos/doc/manual/release-notes/rl-2103.xml
@@ -431,6 +431,13 @@
been dropped from upstream releases.
</para>
</listitem>
+ <listitem>
+ <para>
+ <xref linkend="opt-users.users._name_.createHome" /> now always ensures home directory permissions to be <literal>0700</literal>.
+ Permissions had previously been ignored for already existing home directories, possibly leaving them readable by others.
+ The option's description was incorrect regarding ownership management and has been simplified greatly.
+ </para>
+ </listitem>
</itemizedlist>
</section>
</section>
diff --git a/nixos/modules/config/update-users-groups.pl b/nixos/modules/config/update-users-groups.pl
index fd3affae899c..758237152932 100644
--- a/nixos/modules/config/update-users-groups.pl
+++ b/nixos/modules/config/update-users-groups.pl
@@ -209,10 +209,11 @@ foreach my $u (@{$spec->{users}}) {
}
}
- # Create a home directory.
+ # Ensure home directory incl. ownership and permissions.
if ($u->{createHome}) {
make_path($u->{home}, { mode => 0700 }) if ! -e $u->{home};
chown $u->{uid}, $u->{gid}, $u->{home};
+ chmod 0700, $u->{home};
}
if (defined $u->{passwordFile}) {
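Review bot: The added `chmod 0700, $u->{home};` and the `chown` just above it both discard their return values, so when either fails (read-only or foreign filesystem, path not owned by root) the home directory keeps its old mode with no message, while the release note now promises 0700 is ensured. Both built-ins return the count of files changed, so a check is one token each: `chown $u->{uid}, $u->{gid}, $u->{home} or warn "warning: could not chown $u->{home}: $!\n";` and `chmod 0700, $u->{home} or warn "warning: could not chmod $u->{home}: $!\n";`. Note also that the `! -e` guard only checks existence, not that the existing path is a directory, and `chown`/`chmod` follow symlinks, so an existing non-directory or link at `$u->{home}` would be modified rather than reported; a `-d` check with a warning before the two calls would surface that. The enclosing `foreach my $u (@{$spec->{users}})` loop starts before and ends after this hunk.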
diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix
index 72285fe631da..a95763380986 100644
--- a/nixos/modules/config/users-groups.nix
+++ b/nixos/modules/config/users-groups.nix
@@ -198,10 +198,8 @@ let
type = types.bool;
default = false;
description = ''
- If true, the home directory will be created automatically. If this
- option is true and the home directory already exists but is not
- owned by the user, directory owner and group will be changed to
- match the user.
+ Whether to create the home directory and ensure ownership as well as
+ permissions to match the user.
'';
};
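Review bot: The new description says permissions are ensured "to match the user" but does not say what they are set to, while the accompanying release note states the concrete mode; a reader of the option docs should not need the release notes to learn it. Suggest `Whether to create the home directory and ensure ownership as well as permissions (mode 0700) to match the user.`. The enclosing option definition (`createHome = mkOption { ...`) starts before this hunk.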