nixos/users-groups: split isSystemUser/isNormalUser and uid check into two

Before, the error message only mentioned isSystemUser/isNormalUser, which
led to a confusing situation when setting isNormalUser and a uid like
500, which would generate an error like:

error:
Failed assertions:
- Exactly one of users.users.other.isSystemUser and users.users.other.isNormalUser must be set.

from which you cannot know that setting the uid to 500 *and* setting
isNormalUser is the actual problem.

With this patch the error looks like:

error:
Failed assertions:
- A user cannot have a users.users.fixme.uid set below 1000 and set users.users.fixme.isNormalUser.
Either users.users.fixme.isSystemUser must be set to true instead of users.users.fixme.isNormalUser
or users.users.fixme.uid must be changed to 1000 or above.
Sandro Jäckel 2024-11-21 17:50:12 +01:00
parent 9cd5d0922a
commit db0a0b1173
No known key found for this signature in database
GPG key ID: 3AF5A43A3EECC2E5


@ -906,9 +906,18 @@ in {
of /etc/shadow (file where hashes are stored) are colon-separated.
Please check the value of option `users.users."${user.name}".hashedPassword`.'';
}
{
assertion = user.isNormalUser && user.uid != null -> user.uid >= 1000;
message = ''
A user cannot have a users.users.${user.name}.uid set below 1000 and set users.users.${user.name}.isNormalUser.
Either users.users.${user.name}.isSystemUser must be set to true instead of users.users.${user.name}.isNormalUser
or users.users.${user.name}.uid must be changed to 1000 or above.
'';
}
{
assertion = let
isEffectivelySystemUser = user.isSystemUser || (user.uid != null && user.uid < 1000);
# we do an extra check on isNormalUser here, to not trigger this assertion when isNormalUser is set and uid to < 1000
isEffectivelySystemUser = user.isSystemUser || (user.uid != null && user.uid < 1000 && !user.isNormalUser);
in xor isEffectivelySystemUser user.isNormalUser;
message = ''
Exactly one of users.users.${user.name}.isSystemUser and users.users.${user.name}.isNormalUser must be set.
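Review bot: The new assertion `user.isNormalUser && user.uid != null -> user.uid >= 1000` depends on `->` binding more loosely than `&&` and `!=`. It parses as intended, but parentheses around the antecedent, `(user.isNormalUser && user.uid != null) -> ...`, would spare readers from checking the precedence table. The bound 1000 is now written out in this assertion, in its message, and in `isEffectivelySystemUser`, so a single let-bound name would keep the three from drifting apart. Note also that when `isSystemUser` and `isNormalUser` are both set and the uid is below 1000, the added `!user.isNormalUser` term does not suppress the second assertion, because `user.isSystemUser` alone already makes `isEffectivelySystemUser` true. Both messages are then reported, which seems acceptable but is worth stating in the comment above that line, which currently reads as if the xor assertion never fires for a normal user with a low uid.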