nixremote: fix up perms
This commit is contained in:
parent
3ff9c0ad0c
commit
f26b64c660
|
@ -8,6 +8,10 @@
|
||||||
users.users.nixremote = {
|
users.users.nixremote = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
home = "/home/nixremote";
|
home = "/home/nixremote";
|
||||||
|
# remove write permissions everywhere in the home dir.
|
||||||
|
# combined with an ownership of root:nixremote, that means not even nixremote can write anything below this directory
|
||||||
|
# (in which case, i'm not actually sure why nixremote needs a home)
|
||||||
|
homeMode = "550";
|
||||||
group = "nixremote";
|
group = "nixremote";
|
||||||
subUidRanges = [
|
subUidRanges = [
|
||||||
{ startUid=300000; count=1; }
|
{ startUid=300000; count=1; }
|
||||||
|
@ -24,7 +28,7 @@
|
||||||
fs."/".dir.acl = {
|
fs."/".dir.acl = {
|
||||||
# don't allow the user to write anywhere
|
# don't allow the user to write anywhere
|
||||||
user = "root";
|
user = "root";
|
||||||
group = "root";
|
group = "nixremote";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue
Block a user