author | David Thompson <dthompson2@worcester.edu> | 2023-01-14 10:53:16 -0500 |
committer | Josselin Poiret <dev@jpoiret.xyz> | 2023-08-25 15:12:54 +0200 |
commit | e9a5eebc785cb843034b38c5c5a6dd10904bdf2a (patch) | |
tree | 3e4a142df6bc9a702ba20875b0f4f7bda98018bd | |
parent | 6c447ababfb11581a75cff8281e96f701e216692 (diff) | |
gnu: system: Add home-directory-permissions field to <user-account>.
* gnu/system/accounts.scm (<user-account>)[home-directory-permissions]: New
field.
(user-account-home-directory-permissions): New accessor.
* gnu/build/activation.scm (activate-users+groups): Use home directory
permission bits from the user account object.
* doc/guix.texi (User Accounts): Document new field.
Signed-off-by: Josselin Poiret <dev@jpoiret.xyz>
-rw-r--r-- | doc/guix.texi | 4 | ||||
-rw-r--r-- | gnu/build/activation.scm | 6 | ||||
-rw-r--r-- | gnu/system/accounts.scm | 3 |
3 files changed, 10 insertions, 3 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index f03a88482e..c60e0b87b2 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -18049,6 +18049,10 @@ administrator's choice; reconfiguring does @emph{not} change their name.
 @item @code{home-directory}
 This is the name of the home directory for the account.
+@item @code{home-directory-permissions} (default: @code{#o700})
+The permission bits for the home directory. By default, full access is
+granted to the user account and all other access is denied.
+
 @item @code{create-home-directory?} (default: @code{#t})
 Indicates whether the home directory of this account should be created if
 it does not exist yet.
diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm
index eea2233563..fd043ca131 100644
--- a/gnu/build/activation.scm
+++ b/gnu/build/activation.scm
@@ -162,14 +162,14 @@ owner-writable in HOME."
 group records) are all available."
 (define (make-home-directory user)
 (let ((home (user-account-home-directory user))
+(home-permissions (user-account-home-directory-permissions user))
 (pwd (getpwnam (user-account-name user))))
 (mkdir-p home)
 ;; Always set ownership and permissions for home directories of system
-;; accounts. If a service needs looser permissions on its home
-;; directories, it can always chmod it in an activation snippet.
+;; accounts.
 (chown home (passwd:uid pwd) (passwd:gid pwd))
-(chmod home #o700)))
+(chmod home home-permissions)))
 (define system-accounts
 (filter (lambda (user)
diff --git a/gnu/system/accounts.scm b/gnu/system/accounts.scm
index e37b733c6d..15b2afe266 100644
--- a/gnu/system/accounts.scm
+++ b/gnu/system/accounts.scm
@@ -29,6 +29,7 @@
 user-account-supplementary-groups
 user-account-comment
 user-account-home-directory
+user-account-home-directory-permissions
 user-account-create-home-directory?
 user-account-shell
 user-account-system?
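Review bot: The shortened comment `;; accounts.` in `make-home-directory` no longer says where the mode comes from, so a reader of the `chmod` line cannot tell that the value is now part of the account declaration; suggest `;; accounts, using the account's home-directory-permissions field (#o700 by default).` Nothing on this path checks that `home-permissions` is an exact integer before it reaches `chmod`, so a malformed value in an operating-system declaration surfaces only as a runtime error during activation, on the target machine, rather than at configuration time; validating it where the field is declared (the accounts.scm hunk) would report it earlier. Also note that `mkdir-p` runs before `chown` and `chmod`, so a freshly created home directory presumably carries umask-derived bits until the `chmod` line executes; that ordering predates this change, but now that looser modes are a supported configuration a one-line comment recording that the final bits are set only at the `chmod` would help. The enclosing `activate-users+groups` begins before this hunk and continues after it.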
@@ -70,6 +71,8 @@
 (comment user-account-comment (default ""))
 (home-directory user-account-home-directory (thunked)
 (default (default-home-directory this-record)))
+(home-directory-permissions user-account-home-directory-permissions
+(default #o700))
 (create-home-directory? user-account-create-home-directory? ;Boolean
 (default #t))
 (shell user-account-shell ; gexp
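Review bot: The new `home-directory-permissions` field carries no trailing type note, unlike its neighbours (`;Boolean`, `; gexp`), and nothing constrains the value to an integer mode, so a string such as `"700"` or an out-of-range integer is accepted in the declaration and only fails, or is applied unexpectedly, when activation calls `chmod` on the running system. Suggest annotating it `(home-directory-permissions user-account-home-directory-permissions ; integer (mode bits)` and, since `define-record-type*` supports a `sanitize` clause, rejecting values that are not exact integers there so a misconfiguration is reported when the system is built rather than when it is activated. The `<user-account>` record definition starts before this hunk and continues past it.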