summaryrefslogtreecommitdiffstats
path: root/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
diff options
context:
space:
mode:
Diffstat (limited to 'nixos/doc/manual/from_md/release-notes/rl-2111.section.xml')
-rw-r--r--nixos/doc/manual/from_md/release-notes/rl-2111.section.xml27
1 files changed, 27 insertions, 0 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
index 6eaba9111a2b..a150e6af7178 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
@@ -369,6 +369,33 @@ Superuser created successfully.
</listitem>
<listitem>
<para>
+ <link xlink:href="options.html#opt-users.users._name_.group">users.users.&lt;name&gt;.group</link>
+ no longer defaults to <literal>nogroup</literal>, which was
+ insecure. Out-of-tree modules are likely to require
+ adaptation: instead of
+ </para>
+ <programlisting language="bash">
+{
+ users.users.foo = {
+ isSystemUser = true;
+ };
+}
+</programlisting>
+ <para>
+ also create a group for your user:
+ </para>
+ <programlisting language="bash">
+{
+ users.users.foo = {
+ isSystemUser = true;
+ group = &quot;foo&quot;;
+ };
+ users.groups.foo = {};
+}
+</programlisting>
+ </listitem>
+ <listitem>
+ <para>
<literal>services.geoip-updater</literal> was broken and has
been replaced by
<link xlink:href="options.html#opt-services.geoipupdate.enable">services.geoipupdate</link>.
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-13 02:19:55 +0000