06/08: gnu: system: Add home-directory-permissions field to <user-accoun
From: guix-commits
Subject: 06/08: gnu: system: Add home-directory-permissions field to <user-account>.
Date: Fri, 25 Aug 2023 12:28:37 -0400 (EDT)
jpoiret pushed a commit to branch master
in repository guix.
commit e9a5eebc785cb843034b38c5c5a6dd10904bdf2a
Author: David Thompson <dthompson2@worcester.edu>
AuthorDate: Sat Jan 14 10:53:16 2023 -0500
gnu: system: Add home-directory-permissions field to <user-account>.
* gnu/system/accounts.scm (<user-account>)[home-directory-permissions]: New
field.
(user-account-home-directory-permissions): New accessor.
* gnu/build/activation.scm (activate-users+groups): Use home directory
permission bits from the user account object.
* doc/guix.texi (User Accounts): Document new field.
Signed-off-by: Josselin Poiret <dev@jpoiret.xyz>
---
doc/guix.texi | 4 ++++
gnu/build/activation.scm | 6 +++---
gnu/system/accounts.scm | 3 +++
3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index f03a88482e..c60e0b87b2 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -18049,6 +18049,10 @@ administrator's choice; reconfiguring does @emph{not}
change their name.
@item @code{home-directory}
This is the name of the home directory for the account.
+@item @code{home-directory-permissions} (default: @code{#o700})
+The permission bits for the home directory. By default, full access is
+granted to the user account and all other access is denied.
+
@item @code{create-home-directory?} (default: @code{#t})
Indicates whether the home directory of this account should be created
if it does not exist yet.
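Review bot: The new @item for home-directory-permissions says only "permission bits" and does not say what form the value takes or when it is applied. The default is written #o700, so the text should state that the field is an integer mode, normally written in octal, and that granting group or other bits opens the home directory to other accounts on the system. Since the activation.scm hunk in this patch calls chmod with this value right after mkdir-p, it is also worth saying that the mode of an already existing directory is reset to it.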
diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm
index eea2233563..fd043ca131 100644
--- a/gnu/build/activation.scm
+++ b/gnu/build/activation.scm
@@ -162,14 +162,14 @@ owner-writable in HOME."
group records) are all available."
(define (make-home-directory user)
(let ((home (user-account-home-directory user))
+ (home-permissions (user-account-home-directory-permissions user))
(pwd (getpwnam (user-account-name user))))
(mkdir-p home)
;; Always set ownership and permissions for home directories of system
- ;; accounts. If a service needs looser permissions on its home
- ;; directories, it can always chmod it in an activation snippet.
+ ;; accounts.
(chown home (passwd:uid pwd) (passwd:gid pwd))
- (chmod home #o700)))
+ (chmod home home-permissions)))
(define system-accounts
(filter (lambda (user)
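Review bot: `(chmod home home-permissions)` passes the field through with no check, so a mistake in the account declaration goes straight to the filesystem. Writing decimal 755 instead of #o755 gives mode #o1363, which leaves the directory writable by group and others. Consider rejecting anything that is not an integer between 0 and #o7777 before the chmod call. The shortened comment also drops the hint about how a service gets looser permissions; pointing it at the new field would keep that guidance.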
diff --git a/gnu/system/accounts.scm b/gnu/system/accounts.scm
index e37b733c6d..15b2afe266 100644
--- a/gnu/system/accounts.scm
+++ b/gnu/system/accounts.scm
@@ -29,6 +29,7 @@
user-account-supplementary-groups
user-account-comment
user-account-home-directory
+ user-account-home-directory-permissions
user-account-create-home-directory?
user-account-shell
user-account-system?
@@ -70,6 +71,8 @@
(comment user-account-comment (default ""))
(home-directory user-account-home-directory (thunked)
(default (default-home-directory this-record)))
+ (home-directory-permissions user-account-home-directory-permissions
+ (default #o700))
(create-home-directory? user-account-create-home-directory? ;Boolean
(default #t))
(shell user-account-shell ; gexp
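Review bot: The new home-directory-permissions field carries no type annotation, while its neighbours in this record are marked `;Boolean` and `; gexp`. A short comment beside `(default #o700)` saying the value is an integer mode would tell readers the expected type, which matters here because the value ends up as the argument to chmod in activation.scm.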