summary refs log tree commit diff
path: root/modules/programs/shadow.nix
diff options
context:
space:
mode:
Diffstat (limited to 'modules/programs/shadow.nix')
-rw-r--r--modules/programs/shadow.nix5
1 files changed, 4 insertions, 1 deletions
diff --git a/modules/programs/shadow.nix b/modules/programs/shadow.nix
index 3a348818a97c..137064bba851 100644
--- a/modules/programs/shadow.nix
+++ b/modules/programs/shadow.nix
@@ -21,6 +21,9 @@ let
       TTYGROUP     tty
       TTYPERM      0620
 
+      # Ensure privacy for newly created home directories.
+      UMASK        077
+
       # Uncomment this to allow non-root users to change their account
       #information.  This should be made configurable.
       #CHFN_RESTRICT frwh
@@ -35,7 +38,7 @@ in
   options = {
 
     users.defaultUserShell = pkgs.lib.mkOption {
-      default = "/var/run/current-system/sw/bin/bash";
+      default = "/run/current-system/sw/bin/bash";
       description = ''
         This option defines the default shell assigned to user
         accounts.  This must not be a store path, since the path is
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-14 13:14:02 +0000