e7e8ad1e35
When the user's home directory is created using `createHome`, e.g.

```
users.users.alice = { home = "/users/alice"; createHome = true; };
```

the `/users` directory was created with the same permissions as `/users/alice`, `0700` by default. With those permissions on the parent directory `/users`, `createHome` creates a home directory that is inaccessible to the user:

```
$ su alice
$ cd /users/alice
cd: permission denied: /users/alice
```

The underlying cause is `make_path($u->{home}, { mode => oct($u->{homeMode}) })`, which sets, in the example above, `/users` to `0700`. Instead it should be `0755` like other system directories `/var`, `/dev`, etc.
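# NixOS VM test for the permissions of home directories set up by the users
# module: the default mode, an explicit per-user `homeMode`, and a `createHome`
# home whose parent directory (/users) is not a standard system directory.
import ./make-test-python.nix ({ lib, ... }: {
  name = "user-home-mode";
  meta = with lib.maintainers; { maintainers = [ fbeffa ]; };

  nodes.machine = {
    # The initialPassword values below are throwaway fixtures for this VM.
    # Passwords set this way end up world-readable in the Nix store, so the
    # pattern is only appropriate for tests.

    # No homeMode given: the script below expects mode 700 on /home/alice.
    users.users.alice = {
      initialPassword = "pass1";
      isNormalUser = true;
    };

    # Explicit homeMode: owner full access, group read/traverse, others none.
    users.users.bob = {
      initialPassword = "pass2";
      isNormalUser = true;
      homeMode = "750";
    };

    # Home outside /home, so the parent directory /users has to be created
    # as well. The parent must stay traversable (755) while the home itself
    # keeps the private mode.
    users.users.carol = {
      initialPassword = "pass3";
      isNormalUser = true;
      createHome = true;
      home = "/users/carol";
    };
  };

  testScript = ''
    machine.wait_for_unit("multi-user.target")
    machine.wait_for_unit("getty@tty1.service")

    # Log in as alice on the first virtual console.
    machine.wait_until_tty_matches("1", "login: ")
    machine.send_chars("alice\n")
    machine.wait_until_tty_matches("1", "Password: ")
    machine.send_chars("pass1\n")

    # Mode bits of the homes and of the intermediate directory.
    machine.succeed('[ "$(stat -c %a /home/alice)" == "700" ]')
    machine.succeed('[ "$(stat -c %a /home/bob)" == "750" ]')
    machine.succeed('[ "$(stat -c %a /users)" == "755" ]')
    machine.succeed('[ "$(stat -c %a /users/carol)" == "700" ]')

    # The intermediate directory is created by the system, not by carol, so
    # it is expected to be owned by root; a parent owned by another account
    # would let that account rename or replace the homes beneath it.
    machine.succeed('[ "$(stat -c %U /users)" == "root" ]')

    # Mode bits alone do not prove the home is usable: the regression this
    # test guards against left carol unable to enter her own home because
    # the parent directory was not traversable.
    machine.succeed("su - carol -c 'cd /users/carol'")
  '';
})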