gnu: system: Add home-directory-permissions field to <user-account>.

* gnu/system/accounts.scm (<user-account>)[home-directory-permissions]: New field. (user-account-home-directory-permissions): New accessor. * gnu/build/activation.scm (activate-users+groups): Use home directory permission bits from the user account object. * doc/guix.texi (User Accounts): Document new field. Signed-off-by: Josselin Poiret <dev@jpoiret.xyz>
2025-01-31 06:46:50 +01:00 · 2023-01-14 10:53:16 -05:00 · 2023-01-14 10:53:16 -05:00 · e9a5eebc78
commit e9a5eebc78
parent 6c447ababf
3 changed files with 10 additions and 3 deletions
--- a/doc/guix.texi
+++ b/doc/guix.texi
@ -18049,6 +18049,10 @@ administrator's choice; reconfiguring does @emph{not} change their name.
@item @code{home-directory}
 This is the name of the home directory for the account.
@item @code{home-directory-permissions} (default: @code{#o700})
 The permission bits for the home directory.  By default, full access is
 granted to the user account and all other access is denied.
@item @code{create-home-directory?} (default: @code{#t})
 Indicates whether the home directory of this account should be created
 if it does not exist yet.
--- a/gnu/build/activation.scm
+++ b/gnu/build/activation.scm
@ -162,14 +162,14 @@ (define (activate-users+groups users groups)
 group records) are all available."
  (define (make-home-directory user)
    (let ((home (user-account-home-directory user))
          (home-permissions (user-account-home-directory-permissions user))
          (pwd  (getpwnam (user-account-name user))))
      (mkdir-p home)
      ;; Always set ownership and permissions for home directories of system
-      ;; accounts.  If a service needs looser permissions on its home
+      ;; accounts.
      ;; directories, it can always chmod it in an activation snippet.
      (chown home (passwd:uid pwd) (passwd:gid pwd))
-      (chmod home #o700)))
+      (chmod home home-permissions)))
  (define system-accounts
    (filter (lambda (user)
--- a/gnu/system/accounts.scm
+++ b/gnu/system/accounts.scm
@ -29,6 +29,7 @@ (define-module (gnu system accounts)
            user-account-supplementary-groups
            user-account-comment
            user-account-home-directory
            user-account-home-directory-permissions
            user-account-create-home-directory?
            user-account-shell
            user-account-system?
@ -70,6 +71,8 @@ (define-record-type* <user-account>
  (comment        user-account-comment (default ""))
  (home-directory user-account-home-directory (thunked)
                  (default (default-home-directory this-record)))
  (home-directory-permissions user-account-home-directory-permissions
                              (default #o700))
  (create-home-directory? user-account-create-home-directory? ;Boolean
                          (default #t))
  (shell          user-account-shell              ; gexp