aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Thompson <dthompson2@worcester.edu>2023-01-14 10:53:16 -0500
committerJosselin Poiret <dev@jpoiret.xyz>2023-08-25 15:12:54 +0200
commite9a5eebc785cb843034b38c5c5a6dd10904bdf2a (patch)
tree3e4a142df6bc9a702ba20875b0f4f7bda98018bd
parent6c447ababfb11581a75cff8281e96f701e216692 (diff)
downloadguix-e9a5eebc785cb843034b38c5c5a6dd10904bdf2a.tar
guix-e9a5eebc785cb843034b38c5c5a6dd10904bdf2a.tar.gz
gnu: system: Add home-directory-permissions field to <user-account>.
* gnu/system/accounts.scm (<user-account>)[home-directory-permissions]: New field. (user-account-home-directory-permissions): New accessor. * gnu/build/activation.scm (activate-users+groups): Use home directory permission bits from the user account object. * doc/guix.texi (User Accounts): Document new field. Signed-off-by: Josselin Poiret <dev@jpoiret.xyz>
-rw-r--r--doc/guix.texi4
-rw-r--r--gnu/build/activation.scm6
-rw-r--r--gnu/system/accounts.scm3
3 files changed, 10 insertions, 3 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index f03a88482e..c60e0b87b2 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -18049,6 +18049,10 @@ administrator's choice; reconfiguring does @emph{not} change their name.
@item @code{home-directory}
This is the name of the home directory for the account.
+@item @code{home-directory-permissions} (default: @code{#o700})
+The permission bits for the home directory. By default, full access is
+granted to the user account and all other access is denied.
+
@item @code{create-home-directory?} (default: @code{#t})
Indicates whether the home directory of this account should be created
if it does not exist yet.
diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm
index eea2233563..fd043ca131 100644
--- a/gnu/build/activation.scm
+++ b/gnu/build/activation.scm
@@ -162,14 +162,14 @@ owner-writable in HOME."
group records) are all available."
(define (make-home-directory user)
(let ((home (user-account-home-directory user))
+ (home-permissions (user-account-home-directory-permissions user))
(pwd (getpwnam (user-account-name user))))
(mkdir-p home)
;; Always set ownership and permissions for home directories of system
- ;; accounts. If a service needs looser permissions on its home
- ;; directories, it can always chmod it in an activation snippet.
+ ;; accounts.
(chown home (passwd:uid pwd) (passwd:gid pwd))
- (chmod home #o700)))
+ (chmod home home-permissions)))
(define system-accounts
(filter (lambda (user)
diff --git a/gnu/system/accounts.scm b/gnu/system/accounts.scm
index e37b733c6d..15b2afe266 100644
--- a/gnu/system/accounts.scm
+++ b/gnu/system/accounts.scm
@@ -29,6 +29,7 @@
user-account-supplementary-groups
user-account-comment
user-account-home-directory
+ user-account-home-directory-permissions
user-account-create-home-directory?
user-account-shell
user-account-system?
@@ -70,6 +71,8 @@
(comment user-account-comment (default ""))
(home-directory user-account-home-directory (thunked)
(default (default-home-directory this-record)))
+ (home-directory-permissions user-account-home-directory-permissions
+ (default #o700))
(create-home-directory? user-account-create-home-directory? ;Boolean
(default #t))
(shell user-account-shell ; gexp