forked from mirrors/nixpkgs
Merge pull request #168168 from fedeinthemix/home-mode
nixos/users-group: Add 'homeMode' option.
This commit is contained in:
Janne Heß
GitHub
commit
e9bdd5fa74
|
|
@ -223,10 +223,10 @@ foreach my $u (@{$spec->{users}}) {
|
|||
}
|
||||
|
||||
# Ensure home directory incl. ownership and permissions.
|
||||
if ($u->{createHome}) {
|
||||
make_path($u->{home}, { mode => 0700 }) if ! -e $u->{home} and ! $is_dry;
|
||||
if ($u->{createHome} and !$is_dry) {
|
||||
make_path($u->{home}, { mode => oct($u->{homeMode}) }) if ! -e $u->{home};
|
||||
chown $u->{uid}, $u->{gid}, $u->{home};
|
||||
chmod 0700, $u->{home};
|
||||
chmod oct($u->{homeMode}), $u->{home};
|
||||
}
|
||||
|
||||
if (defined $u->{passwordFile}) {
|
||||
|
|
|
|||
|
|
@ -139,6 +139,12 @@ let
|
|||
description = "The user's home directory.";
|
||||
};
|
||||
|
||||
homeMode = mkOption {
|
||||
type = types.strMatching "[0-7]{1,5}";
|
||||
default = "700";
|
||||
description = "The user's home directory mode in numeric format. See chmod(1). The mode is only applied if <option>users.users.<name>.createHome</option> is true.";
|
||||
};
|
||||
|
||||
cryptHomeLuks = mkOption {
|
||||
type = with types; nullOr str;
|
||||
default = null;
|
||||
|
|
@ -319,6 +325,7 @@ let
|
|||
group = mkDefault "users";
|
||||
createHome = mkDefault true;
|
||||
home = mkDefault "/home/${config.name}";
|
||||
homeMode = mkDefault "700";
|
||||
useDefaultShell = mkDefault true;
|
||||
isSystemUser = mkDefault false;
|
||||
})
|
||||
|
|
@ -430,7 +437,7 @@ let
|
|||
inherit (cfg) mutableUsers;
|
||||
users = mapAttrsToList (_: u:
|
||||
{ inherit (u)
|
||||
name uid group description home createHome isSystemUser
|
||||
name uid group description home homeMode createHome isSystemUser
|
||||
password passwordFile hashedPassword
|
||||
autoSubUidGidRange subUidRanges subGidRanges
|
||||
initialPassword initialHashedPassword;
|
||||
|
|
|
|||
|
|
@ -580,6 +580,7 @@ in
|
|||
uptermd = handleTest ./uptermd.nix {};
|
||||
usbguard = handleTest ./usbguard.nix {};
|
||||
user-activation-scripts = handleTest ./user-activation-scripts.nix {};
|
||||
user-home-mode = handleTest ./user-home-mode.nix {};
|
||||
uwsgi = handleTest ./uwsgi.nix {};
|
||||
v2ray = handleTest ./v2ray.nix {};
|
||||
vault = handleTest ./vault.nix {};
|
||||
|
|
|
|||
27
nixos/tests/user-home-mode.nix
Normal file
27
nixos/tests/user-home-mode.nix
Normal file
|
|
@ -0,0 +1,27 @@
|
|||
import ./make-test-python.nix ({ lib, ... }: {
|
||||
name = "user-home-mode";
|
||||
meta = with lib.maintainers; { maintainers = [ fbeffa ]; };
|
||||
|
||||
nodes.machine = {
|
||||
users.users.alice = {
|
||||
initialPassword = "pass1";
|
||||
isNormalUser = true;
|
||||
};
|
||||
users.users.bob = {
|
||||
initialPassword = "pass2";
|
||||
isNormalUser = true;
|
||||
homeMode = "750";
|
||||
};
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
machine.wait_for_unit("multi-user.target")
|
||||
machine.wait_for_unit("getty@tty1.service")
|
||||
machine.wait_until_tty_matches(1, "login: ")
|
||||
machine.send_chars("alice\n")
|
||||
machine.wait_until_tty_matches(1, "Password: ")
|
||||
machine.send_chars("pass1\n")
|
||||
machine.succeed('[ "$(stat -c %a /home/alice)" == "700" ]')
|
||||
machine.succeed('[ "$(stat -c %a /home/bob)" == "750" ]')
|
||||
'';
|
||||
})
|
||||
Loading…
Reference in a new issue