nixos/users-groups: don't default users.users.<name>.group to nogroup
this is unsafe, as many distinct services may be running as the same nogroup group.
This commit is contained in:
parent
8a2ec31e22
commit
0f15a8f489
1 changed files with 11 additions and 1 deletions
|
@ -123,7 +123,7 @@ let
|
|||
group = mkOption {
|
||||
type = types.str;
|
||||
apply = x: assert (builtins.stringLength x < 32 || abort "Group name '${x}' is longer than 31 characters which is not allowed!"); x;
|
||||
default = "nogroup";
|
||||
default = "";
|
||||
description = "The user's primary group.";
|
||||
};
|
||||
|
||||
|
@ -638,6 +638,16 @@ in {
|
|||
Exactly one of users.users.${user.name}.isSystemUser and users.users.${user.name}.isNormalUser must be set.
|
||||
'';
|
||||
}
|
||||
{
|
||||
assertion = user.group != "";
|
||||
message = ''
|
||||
users.users.${user.name}.group is unset. This used to default to
|
||||
nogroup, but this is unsafe. For example you can create a group
|
||||
for this user with:
|
||||
users.users.${user.name}.group = "${user.name}";
|
||||
users.groups.${user.name} = {};
|
||||
'';
|
||||
}
|
||||
]
|
||||
));
|
||||
|
||||
|
|
Loading…
Reference in a new issue