colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/users-groups: don't default users.users.<name>.group to nogroup

Browse Source 
this is unsafe, as many distinct services may be running as the same
nogroup group.
This commit is contained in:
Guillaume Girol 2021-08-08 12:00:00 +00:00
parent 8a2ec31e22
commit 0f15a8f489
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
nixos/modules/config/users-groups.nix
View File

@ -123,7 +123,7 @@ let
group = mkOption { group = mkOption {
type = types.str; type = types.str;
apply = x: assert (builtins.stringLength x < 32 || abort "Group name '${x}' is longer than 31 characters which is not allowed!"); x; apply = x: assert (builtins.stringLength x < 32 || abort "Group name '${x}' is longer than 31 characters which is not allowed!"); x;
default = "nogroup"; default = "";
description = "The user's primary group."; description = "The user's primary group.";
}; };
@ -638,6 +638,16 @@ in {
Exactly one of users.users.${user.name}.isSystemUser and users.users.${user.name}.isNormalUser must be set. Exactly one of users.users.${user.name}.isSystemUser and users.users.${user.name}.isNormalUser must be set.
''; '';
} }
{
assertion = user.group != "";
message = ''
users.users.${user.name}.group is unset. This used to default to
nogroup, but this is unsafe. For example you can create a group
for this user with:
users.users.${user.name}.group = "${user.name}";
users.groups.${user.name} = {};
'';
}
] ]
)); ));