diff options
Diffstat (limited to 'nixos/doc')
-rw-r--r-- | nixos/doc/manual/from_md/release-notes/rl-2111.section.xml | 27 | ||||
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2111.section.md | 19 |
2 files changed, 46 insertions, 0 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml index 6eaba9111a2b..a150e6af7178 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml @@ -369,6 +369,33 @@ Superuser created successfully. </listitem> <listitem> <para> + <link xlink:href="options.html#opt-users.users._name_.group">users.users.<name>.group</link> + no longer defaults to <literal>nogroup</literal>, which was + insecure. Out-of-tree modules are likely to require + adaptation: instead of + </para> + <programlisting language="bash"> +{ + users.users.foo = { + isSystemUser = true; + }; +} +</programlisting> + <para> + also create a group for your user: + </para> + <programlisting language="bash"> +{ + users.users.foo = { + isSystemUser = true; + group = "foo"; + }; + users.groups.foo = {}; +} +</programlisting> + </listitem> + <listitem> + <para> <literal>services.geoip-updater</literal> was broken and has been replaced by <link xlink:href="options.html#opt-services.geoipupdate.enable">services.geoipupdate</link>. diff --git a/nixos/doc/manual/release-notes/rl-2111.section.md b/nixos/doc/manual/release-notes/rl-2111.section.md index b77bd30ea17c..56ef6320ac01 100644 --- a/nixos/doc/manual/release-notes/rl-2111.section.md +++ b/nixos/doc/manual/release-notes/rl-2111.section.md @@ -136,6 +136,25 @@ subsonic-compatible api. Available as [navidrome](#opt-services.navidrome.enable - The `erigon` ethereum node has moved it's database location in `2021-08-03`, users upgrading must manually move their chaindata (see [release notes](https://github.com/ledgerwatch/erigon/releases/tag/v2021.08.03)). +- [users.users.<name>.group](options.html#opt-users.users._name_.group) no longer defaults to `nogroup`, which was insecure. Out-of-tree modules are likely to require adaptation: instead of + ```nix + { + users.users.foo = { + isSystemUser = true; + }; + } + ``` + also create a group for your user: + ```nix + { + users.users.foo = { + isSystemUser = true; + group = "foo"; + }; + users.groups.foo = {}; + } + ``` + - `services.geoip-updater` was broken and has been replaced by [services.geoipupdate](options.html#opt-services.geoipupdate.enable). - PHP 7.3 is no longer supported due to upstream not supporting this version for the entire lifecycle of the 21.11 release. |