nixos/users: create accessible parent dirs of home

If the parent(s) of a home directory being created did not exist, they
would be created 0700, like the home directory itself. However, because
these directories would be owned by root, they would be inaccessible to
the user whose home directory was being created, which in turn would
make their own home directory inaccessible.

With this change, any _new_ directories created by createHome will be
world-readable. This won't affect any existing data, since permissions
passed to make_path only affect new directories.

1 files changed, 3 insertions, 1 deletions

diff --git a/nixpkgs/nixos/modules/config/update-users-groups.pl b/nixpkgs/nixos/modules/config/update-users-groups.pl
index ef5e6346f02e..c1d6a079dee1 100644
--- a/nixpkgs/nixos/modules/config/update-users-groups.pl
+++ b/nixpkgs/nixos/modules/config/update-users-groups.pl
@@ -1,4 +1,5 @@
 use strict;
+use File::Basename;
 use File::Path qw(make_path);
 use File::Slurp;
 use JSON;
@@ -213,7 +214,8 @@ foreach my $u (@{$spec->{users}}) {
 
     # Create a home directory.
     if ($u->{createHome}) {
-        make_path($u->{home}, { mode => 0700 }) if ! -e $u->{home};
+        make_path(dirname($u->{home}), { mode => 0755 });
+        mkdir $u->{home}, 0700 if ! -e $u->{home};
         chown $u->{uid}, $u->{gid}, $u->{home};
     }