From 444e327f4e56d9ac4c9fd138fa432c0b351325fb Mon Sep 17 00:00:00 2001
From: Alyssa Ross <hi@alyssa.is>
Date: Sun, 10 Feb 2019 19:49:34 +0000
Subject: nixos/users: create accessible parent dirs of home

If the parent(s) of a home directory being created did not exist, they
would be created 0700, like the home directory itself. However, because
these directories would be owned by root, they would be inaccessible to
the user whose home directory was being created, which in turn would
make their own home directory inaccessible.

With this change, any _new_ directories created by createHome will be
world-readable. This won't affect any existing data, since permissions
passed to make_path only affect new directories.
---
 nixpkgs/nixos/modules/config/update-users-groups.pl | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'nixpkgs/nixos/modules')

diff --git a/nixpkgs/nixos/modules/config/update-users-groups.pl b/nixpkgs/nixos/modules/config/update-users-groups.pl
index ef5e6346f02e..c1d6a079dee1 100644
--- a/nixpkgs/nixos/modules/config/update-users-groups.pl
+++ b/nixpkgs/nixos/modules/config/update-users-groups.pl
@@ -1,4 +1,5 @@
 use strict;
+use File::Basename;
 use File::Path qw(make_path);
 use File::Slurp;
 use JSON;
@@ -213,7 +214,8 @@ foreach my $u (@{$spec->{users}}) {
 
     # Create a home directory.
     if ($u->{createHome}) {
-        make_path($u->{home}, { mode => 0700 }) if ! -e $u->{home};
+        make_path(dirname($u->{home}), { mode => 0755 });
+        mkdir $u->{home}, 0700 if ! -e $u->{home};
         chown $u->{uid}, $u->{gid}, $u->{home};
     }
 
-- 
cgit 1.4.1