diff options
| author | Guillaume Girol <symphorien+git@xlumurb.eu> | 2021-08-08 12:00:00 +0000 |
|---|---|---|
| committer | Guillaume Girol <symphorien+git@xlumurb.eu> | 2021-09-12 14:59:30 +0200 |
| commit | 476fcfd2aa1744593c6d1a623a0f3eee60cd4066 (patch) | |
| tree | 680c112e80102da0f7814abd9a320c9c57cf7884 /nixos | |
| parent | bc3bca822a32fbbc73a9d55394991cef92dba3b9 (diff) | |
nixos: add release notes about users.users.name.group
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/doc/manual/from_md/release-notes/rl-2111.section.xml | 27 | ||||
| -rw-r--r-- | nixos/doc/manual/release-notes/rl-2111.section.md | 19 |
2 files changed, 46 insertions, 0 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml index b922f9f12082..c2dc9fd2ef9a 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml @@ -326,6 +326,33 @@ Superuser created successfully. </listitem> <listitem> <para> + <link xlink:href="options.html#opt-users.users._name_.group">users.users.<name>.group</link> + no longer defaults to <literal>nogroup</literal>, which was + insecure. Out-of-tree modules are likely to require + adaptation: instead of + </para> + <programlisting language="bash"> +{ + users.users.foo = { + isSystemUser = true; + }; +} +</programlisting> + <para> + also create a group for your user: + </para> + <programlisting language="bash"> +{ + users.users.foo = { + isSystemUser = true; + group = "foo"; + }; + users.groups.foo = {}; +} +</programlisting> + </listitem> + <listitem> + <para> <literal>services.geoip-updater</literal> was broken and has been replaced by <link xlink:href="options.html#opt-services.geoipupdate.enable">services.geoipupdate</link>. diff --git a/nixos/doc/manual/release-notes/rl-2111.section.md b/nixos/doc/manual/release-notes/rl-2111.section.md index c7e5afb7d0af..aaeaf3a48eb4 100644 --- a/nixos/doc/manual/release-notes/rl-2111.section.md +++ b/nixos/doc/manual/release-notes/rl-2111.section.md @@ -120,6 +120,25 @@ subsonic-compatible api. Available as [navidrome](#opt-services.navidrome.enable - The `erigon` ethereum node has moved it's database location in `2021-08-03`, users upgrading must manually move their chaindata (see [release notes](https://github.com/ledgerwatch/erigon/releases/tag/v2021.08.03)). +- [users.users.<name>.group](options.html#opt-users.users._name_.group) no longer defaults to `nogroup`, which was insecure. Out-of-tree modules are likely to require adaptation: instead of + ```nix + { + users.users.foo = { + isSystemUser = true; + }; + } + ``` + also create a group for your user: + ```nix + { + users.users.foo = { + isSystemUser = true; + group = "foo"; + }; + users.groups.foo = {}; + } + ``` + - `services.geoip-updater` was broken and has been replaced by [services.geoipupdate](options.html#opt-services.geoipupdate.enable). - PHP 7.3 is no longer supported due to upstream not supporting this version for the entire lifecycle of the 21.11 release. |