nixpkgs/nixos/tests/user-home-mode.nix
Tom Butler e7e8ad1e35
nixos: Set home directory parent tree permissions to 0755
When the user's home directory is created using `createHome` e.g.

```
users.users.alice = {
    home = "/users/alice";
    createHome = true;
};
```

The `/users` directory was created with the same permissions as `/users/alice`, `0700` by default.

The permissions on the parent directory `/users` result in `createHome` creating a home directory that is inaccessible to the user:

```
$ su alice
$ cd /users/alice
cd: permission denied: /users/alice
```

The underlying cause is `make_path($u->{home}, { mode => oct($u->{homeMode}) })`, which, in the example above, sets `/users` to `0700`. Instead it should be `0755`, like other system directories (`/var`, `/dev`, etc.).
2024-07-09 23:09:09 +02:00


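# NixOS VM test for the modes of user home directories.
#
# Three accounts are declared:
#   alice - no `homeMode` set; the test expects her home to be 700.
#   bob   - `homeMode = "750"`; the test expects exactly that mode.
#   carol - home under /users with `createHome = true`; the test expects the
#           parent /users to be 755 while the home itself stays 700.
#
# The carol case is the regression check for the parent directory inheriting
# the home's restrictive mode, which locked the user out of their own home.
import ./make-test-python.nix ({ lib, ... }: {
  name = "user-home-mode";
  meta = with lib.maintainers; { maintainers = [ fbeffa ]; };

  nodes.machine = {
    # NOTE: `initialPassword` values are plain text and end up in the
    # world-readable Nix store. That is acceptable for a throwaway test VM;
    # do not copy this pattern into a real system configuration.
    users.users.alice = {
      initialPassword = "pass1";
      isNormalUser = true;
    };

    users.users.bob = {
      initialPassword = "pass2";
      isNormalUser = true;
      # Group-readable home: owner rwx, group r-x, others nothing.
      homeMode = "750";
    };

    users.users.carol = {
      initialPassword = "pass3";
      isNormalUser = true;
      createHome = true;
      # Home outside /home, so the parent directory /users is exercised too.
      home = "/users/carol";
    };
  };

  testScript = ''
    machine.wait_for_unit("multi-user.target")
    machine.wait_for_unit("getty@tty1.service")

    # Interactive login as alice on tty1.
    machine.wait_until_tty_matches("1", "login: ")
    machine.send_chars("alice\n")
    machine.wait_until_tty_matches("1", "Password: ")
    machine.send_chars("pass1\n")

    # Home directories carry the expected modes.
    machine.succeed('[ "$(stat -c %a /home/alice)" == "700" ]')
    machine.succeed('[ "$(stat -c %a /home/bob)" == "750" ]')

    # The parent is traversable by everyone while the home stays private.
    machine.succeed('[ "$(stat -c %a /users)" == "755" ]')
    machine.succeed('[ "$(stat -c %a /users/carol)" == "700" ]')

    # Mode bits alone do not prove the home is usable: check that carol can
    # actually enter her own home, which is the failure this test guards
    # against.
    machine.succeed("su - carol -c 'cd /users/carol'")
  '';
})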