nixos/users-group: Add 'homeMode' option.

This commit is contained in:
Federico Beffa 2022-04-10 21:06:19 +02:00
parent 9bce1fb5ac
commit 9fc01af1cc
4 changed files with 37 additions and 2 deletions


@ -226,7 +226,7 @@ foreach my $u (@{$spec->{users}}) {
if ($u->{createHome}) { if ($u->{createHome}) {
make_path($u->{home}, { mode => 0700 }) if ! -e $u->{home} and ! $is_dry; make_path($u->{home}, { mode => 0700 }) if ! -e $u->{home} and ! $is_dry;
chown $u->{uid}, $u->{gid}, $u->{home}; chown $u->{uid}, $u->{gid}, $u->{home};
chmod 0700, $u->{home}; chmod oct($u->{homeMode}), $u->{home};
} }
if (defined $u->{passwordFile}) { if (defined $u->{passwordFile}) {
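Review bot: `chmod oct($u->{homeMode}), $u->{home};` runs on every activation, not only when the directory is first created, and applies whatever oct() yields, so an absent or empty homeMode in the spec would become oct(undef) / oct("") = 0 and leave the home directory with mode 0000. The module side of this commit always emits homeMode (default "700"), so this is only a defensive concern, but the fallback is cheap: `chmod oct($u->{homeMode} // "700"), $u->{home};`. Note that make_path above still creates the directory with 0700 before the chmod widens or narrows it, which gives the right final state but deserves a one-line comment so nobody "fixes" the 0700. The enclosing foreach over $spec->{users} starts outside the hunk.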


@ -139,6 +139,12 @@ let
description = "The user's home directory."; description = "The user's home directory.";
}; };
homeMode = mkOption {
type = types.strMatching "[0-7]{1,5}";
default = "700";
description = "The user's home directory mode in numeric format. See chmod(1).";
};
cryptHomeLuks = mkOption { cryptHomeLuks = mkOption {
type = with types; nullOr str; type = with types; nullOr str;
default = null; default = null;
@ -319,6 +325,7 @@ let
group = mkDefault "users"; group = mkDefault "users";
createHome = mkDefault true; createHome = mkDefault true;
home = mkDefault "/home/${config.name}"; home = mkDefault "/home/${config.name}";
homeMode = mkDefault "700";
useDefaultShell = mkDefault true; useDefaultShell = mkDefault true;
isSystemUser = mkDefault false; isSystemUser = mkDefault false;
}) })
@ -430,7 +437,7 @@ let
inherit (cfg) mutableUsers; inherit (cfg) mutableUsers;
users = mapAttrsToList (_: u: users = mapAttrsToList (_: u:
{ inherit (u) { inherit (u)
name uid group description home createHome isSystemUser name uid group description home homeMode createHome isSystemUser
password passwordFile hashedPassword password passwordFile hashedPassword
autoSubUidGidRange subUidRanges subGidRanges autoSubUidGidRange subUidRanges subGidRanges
initialPassword initialHashedPassword; initialPassword initialHashedPassword;
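Review bot: The new homeMode option (hunk at @ -139) accepts up to five octal digits via `types.strMatching "[0-7]{1,5}"`, so values such as "2750" or "1777" set setgid/sticky bits and "777" makes the home world-writable, yet the description only says "numeric format"; either narrow the pattern to `type = types.strMatching "[0-7]{3,4}";` or spell this out in the description. The option is also silently ignored when createHome is false, because the activation script only chmods inside its createHome branch, and the description should say so. Suggested wording: `description = "The user's home directory mode in numeric format (three or four octal digits, see chmod(1)). Only applied when createHome is true.";`. The hunks at @ -319 and @ -430 only wire the default and pass the value through and need no change.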


@ -556,6 +556,7 @@ in
upnp = handleTest ./upnp.nix {}; upnp = handleTest ./upnp.nix {};
usbguard = handleTest ./usbguard.nix {}; usbguard = handleTest ./usbguard.nix {};
user-activation-scripts = handleTest ./user-activation-scripts.nix {}; user-activation-scripts = handleTest ./user-activation-scripts.nix {};
user-home-mode = handleTest ./user-home-mode.nix {};
uwsgi = handleTest ./uwsgi.nix {}; uwsgi = handleTest ./uwsgi.nix {};
v2ray = handleTest ./v2ray.nix {}; v2ray = handleTest ./v2ray.nix {};
vault = handleTest ./vault.nix {}; vault = handleTest ./vault.nix {};


@ -0,0 +1,27 @@
import ./make-test-python.nix ({ lib, ... }: {
name = "user-home-mode";
meta = with lib.maintainers; { maintainers = [ fbeffa ]; };
nodes.machine = {
users.users.alice = {
initialPassword = "pass1";
isNormalUser = true;
};
users.users.bob = {
initialPassword = "pass2";
isNormalUser = true;
homeMode = "750";
};
};
testScript = ''
machine.wait_for_unit("multi-user.target")
machine.wait_for_unit("getty@tty1.service")
machine.wait_until_tty_matches(1, "login: ")
machine.send_chars("alice\n")
machine.wait_until_tty_matches(1, "Password: ")
machine.send_chars("pass1\n")
machine.succeed('[ "$(stat -c %a /home/alice)" == "700" ]')
machine.succeed('[ "$(stat -c %a /home/bob)" == "750" ]')
'';
})
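Review bot: The test only asserts the mode set on first boot; because the activation script re-applies chmod on every activation, the case most likely to regress is a switch to a configuration with a changed homeMode (or a four-digit value such as "2750"), and that path is not covered. The interactive login on tty1, from wait_for_unit("getty@tty1.service") through send_chars("pass1\n"), is not needed by the two stat checks, which run through machine.succeed independently of the tty session, and it only adds a timing dependency on getty. Either drop those lines or add a comment above them stating what the login is meant to verify, e.g. `# login as alice to confirm a 700 home does not break the session`.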