
Merge pull request #168168 from fedeinthemix/home-mode

nixos/users-group: Add 'homeMode' option.
Janne Heß 2022-05-23 12:27:49 +02:00 committed by GitHub
commit e9bdd5fa74
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 39 additions and 4 deletions


@ -223,10 +223,10 @@ foreach my $u (@{$spec->{users}}) {
} }
# Ensure home directory incl. ownership and permissions. # Ensure home directory incl. ownership and permissions.
if ($u->{createHome}) { if ($u->{createHome} and !$is_dry) {
make_path($u->{home}, { mode => 0700 }) if ! -e $u->{home} and ! $is_dry; make_path($u->{home}, { mode => oct($u->{homeMode}) }) if ! -e $u->{home};
chown $u->{uid}, $u->{gid}, $u->{home}; chown $u->{uid}, $u->{gid}, $u->{home};
chmod 0700, $u->{home}; chmod oct($u->{homeMode}), $u->{home};
} }
if (defined $u->{passwordFile}) { if (defined $u->{passwordFile}) {
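Review bot: The new `chmod oct($u->{homeMode}), $u->{home}` (like the `chown` and `make_path` calls before it) never checks its return value, so a failed chmod silently leaves the home directory at whatever mode it already had, and with a user-chosen mode that is harder to notice than the old fixed 0700. I would append `or warn "could not set mode $u->{homeMode} on $u->{home}: $!\n"` to the chmod (and the same pattern on the chown). Note also that `chmod` and `chown` follow symlinks, so if `$u->{home}` is a symlink the mode lands on its target; that is pre-existing behaviour, but now that a looser mode can be configured it deserves a comment next to these lines. The enclosing `foreach my $u` loop starts outside this hunk.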


@ -139,6 +139,12 @@ let
description = "The user's home directory."; description = "The user's home directory.";
}; };
homeMode = mkOption {
type = types.strMatching "[0-7]{1,5}";
default = "700";
description = "The user's home directory mode in numeric format. See chmod(1). The mode is only applied if <option>users.users.&lt;name&gt;.createHome</option> is true.";
};
cryptHomeLuks = mkOption { cryptHomeLuks = mkOption {
type = with types; nullOr str; type = with types; nullOr str;
default = null; default = null;
@ -319,6 +325,7 @@ let
group = mkDefault "users"; group = mkDefault "users";
createHome = mkDefault true; createHome = mkDefault true;
home = mkDefault "/home/${config.name}"; home = mkDefault "/home/${config.name}";
homeMode = mkDefault "700";
useDefaultShell = mkDefault true; useDefaultShell = mkDefault true;
isSystemUser = mkDefault false; isSystemUser = mkDefault false;
}) })
@ -430,7 +437,7 @@ let
inherit (cfg) mutableUsers; inherit (cfg) mutableUsers;
users = mapAttrsToList (_: u: users = mapAttrsToList (_: u:
{ inherit (u) { inherit (u)
name uid group description home createHome isSystemUser name uid group description home homeMode createHome isSystemUser
password passwordFile hashedPassword password passwordFile hashedPassword
autoSubUidGidRange subUidRanges subGidRanges autoSubUidGidRange subUidRanges subGidRanges
initialPassword initialHashedPassword; initialPassword initialHashedPassword;
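Review bot: The `homeMode` description should carry the caveat that a group-accessible mode is effectively accessible to every normal user, because `isNormalUser` accounts default to the shared primary group (`group = mkDefault "users"` in the second hunk), so `"750"` does not confine access to a per-user group as it would on a system with user-private groups. Something like `Modes more permissive than 700 expose the user's dotfiles (shell history, ~/.config, …) to other accounts; normal users share the primary group users, so group bits grant access to all of them. The mode is re-applied on every activation.` would do. The type `strMatching "[0-7]{1,5}"` also admits strings longer than any valid mode (`"77777"`) and one- or two-digit values that are almost certainly typos; `"[0-7]{3,4}"` would still allow setuid/setgid/sticky bits while rejecting those. Finally, `homeMode = mkDefault "700"` in the `isNormalUser` block repeats the option's own default and appears redundant.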


@ -580,6 +580,7 @@ in
uptermd = handleTest ./uptermd.nix {}; uptermd = handleTest ./uptermd.nix {};
usbguard = handleTest ./usbguard.nix {}; usbguard = handleTest ./usbguard.nix {};
user-activation-scripts = handleTest ./user-activation-scripts.nix {}; user-activation-scripts = handleTest ./user-activation-scripts.nix {};
user-home-mode = handleTest ./user-home-mode.nix {};
uwsgi = handleTest ./uwsgi.nix {}; uwsgi = handleTest ./uwsgi.nix {};
v2ray = handleTest ./v2ray.nix {}; v2ray = handleTest ./v2ray.nix {};
vault = handleTest ./vault.nix {}; vault = handleTest ./vault.nix {};


@ -0,0 +1,27 @@
import ./make-test-python.nix ({ lib, ... }: {
name = "user-home-mode";
meta = with lib.maintainers; { maintainers = [ fbeffa ]; };
nodes.machine = {
users.users.alice = {
initialPassword = "pass1";
isNormalUser = true;
};
users.users.bob = {
initialPassword = "pass2";
isNormalUser = true;
homeMode = "750";
};
};
testScript = ''
machine.wait_for_unit("multi-user.target")
machine.wait_for_unit("getty@tty1.service")
machine.wait_until_tty_matches(1, "login: ")
machine.send_chars("alice\n")
machine.wait_until_tty_matches(1, "Password: ")
machine.send_chars("pass1\n")
machine.succeed('[ "$(stat -c %a /home/alice)" == "700" ]')
machine.succeed('[ "$(stat -c %a /home/bob)" == "750" ]')
'';
})
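Review bot: The test only compares `stat -c %a` output, so it would still pass if the bits were set without yielding the intended access, and the interactive tty1 login (the `send_chars` lines) contributes nothing to the two assertions, which presumably run as root anyway. I would add access checks such as `machine.fail("su -l bob -c 'ls /home/alice'")` and `machine.succeed("su -l alice -c 'ls /home/bob'")`; the second is expected to succeed because both normal users share the primary group `users`, which is exactly the property someone setting `homeMode = "750"` needs to be aware of. A check that a pre-existing home directory is re-chmodded on activation would also exercise the `chmod` path rather than only the `make_path` path.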