author | Alyssa Ross <hi@alyssa.is> | 2019-02-10 19:49:34 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2019-02-10 19:49:34 +0000 |
commit | 444e327f4e56d9ac4c9fd138fa432c0b351325fb (patch) | |
tree | 511d1dd1875c21e6f7b265e5498bfd98e218d0bc /nixpkgs | |
parent | c68ac80d101bafbeca88be02a624c602f0e9d7dd (diff) | |
nixos/users: create accessible parent dirs of home
If the parent(s) of a home directory being created did not exist, they would be created 0700, like the home directory itself. However, because these directories would be owned by root, they would be inaccessible to the user whose home directory was being created, which in turn would make their own home directory inaccessible.

With this change, any _new_ directories created by createHome will be world-readable. This won't affect any existing data, since permissions passed to make_path only affect new directories.
Diffstat (limited to 'nixpkgs')
-rw-r--r-- | nixpkgs/nixos/modules/config/update-users-groups.pl | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/nixpkgs/nixos/modules/config/update-users-groups.pl b/nixpkgs/nixos/modules/config/update-users-groups.pl index ef5e6346f02e..c1d6a079dee1 100644 --- a/nixpkgs/nixos/modules/config/update-users-groups.pl +++ b/nixpkgs/nixos/modules/config/update-users-groups.pl @@ -1,4 +1,5 @@ use strict; +use File::Basename; use File::Path qw(make_path); use File::Slurp; use JSON; @@ -213,7 +214,8 @@ foreach my $u (@{$spec->{users}}) { # Create a home directory. if ($u->{createHome}) { - make_path($u->{home}, { mode => 0700 }) if ! -e $u->{home}; + make_path(dirname($u->{home}), { mode => 0755 }); + mkdir $u->{home}, 0700 if ! -e $u->{home}; chown $u->{uid}, $u->{gid}, $u->{home}; } |
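Review bot: In the createHome hunk, the `0755` passed to `make_path` and the `0700` passed to `mkdir` are both still filtered through the process umask, so under a restrictive umask such as 077 the newly created parent directories would again come out 0700 and the user would still be unable to reach their home. Consider setting the umask explicitly before these two calls, or applying `chmod` to the directories that were actually created (`make_path` returns that list). The return value of `mkdir $u->{home}, 0700` is also unchecked, so a failed mkdir falls through silently to the `chown`; warning on failure would make that visible. If listing the parent directory is not required, 0711 would grant traversal without making its contents readable by everyone.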