From f380194f3dac82e63dc72db160490dcb58208534 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 28 Oct 2024 10:30:02 +1100 Subject: [PATCH] users: create users with home directory `/var/empty` by default --- modules/users/default.nix | 2 +- modules/users/user.nix | 8 +++----- tests/users-groups.nix | 2 +- 3 files changed, 5 insertions(+), 7 deletions(-) diff --git a/modules/users/default.nix b/modules/users/default.nix index 58156d24..a945fb48 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix @@ -260,7 +260,7 @@ in "-UID" v.uid "-GID" v.gid ] ++ (lib.optionals (v.description != null) [ "-fullName" v.description ]) - ++ (lib.optionals (v.home != null) [ "-home" v.home ]) + ++ [ "-home" (if v.home != null then v.home else "/var/empty") ] ++ [ "-shell" (if v.shell != null then shellPath v.shell else "/usr/bin/false") ])} 2> /dev/null # We need to check as `sysadminctl -addUser` still exits with exit code 0 when there's an error diff --git a/modules/users/user.nix b/modules/users/user.nix index 72ae07b8..9689e052 100644 --- a/modules/users/user.nix +++ b/modules/users/user.nix @@ -58,11 +58,9 @@ description = '' The user's home directory. This defaults to `null`. - When this is set to `null`, the value is managed by macOS instead of - `nix-darwin`. This means if the user has not been created yet, - `sysadminctl` will be called without the `-home` flag which means the - user will have a default home directory of `/Users/` which will - be created by `sysadminctl`. + When this is set to `null`, if the user has not been created yet, + they will be created with the home directory `/var/empty` to match + the old default. ''; }; diff --git a/tests/users-groups.nix b/tests/users-groups.nix index 34ee5c24..81261057 100644 --- a/tests/users-groups.nix +++ b/tests/users-groups.nix @@ -51,7 +51,7 @@ grep "sysadminctl -addUser ${lib.escapeShellArgs [ "foo" "-UID" 42000 "-GID" 42000 "-fullName" "Foo user" "-home" "/Users/foo" "-shell" "/run/current-system/sw/bin/bash" ]}" ${config.out}/activate grep "createhomedir -cu ${lib.escapeShellArg "foo"}" ${config.out}/activate grep "sysadminctl -addUser ${lib.escapeShellArgs [ "created.user" "-UID" 42001 ]} .* ${lib.escapeShellArgs [ "-shell" "/usr/bin/false" ] }" ${config.out}/activate - (! grep "sysadminctl -addUser ${lib.escapeShellArg "created.user"} .* -home" ${config.out}/activate) + grep "sysadminctl -addUser ${lib.escapeShellArg "created.user"} .* ${lib.escapeShellArgs [ "-home" "/var/empty" ]}" ${config.out}/activate (! grep "dscl . -delete ${lib.escapeShellArg "/Users/created.user"}" ${config.out}/activate) (! grep "dscl . -delete ${lib.escapeShellArg "/Groups/created.user"}" ${config.out}/activate)