From e9a5eebc785cb843034b38c5c5a6dd10904bdf2a Mon Sep 17 00:00:00 2001
From: David Thompson <dthompson2@worcester.edu>
Date: Sat, 14 Jan 2023 10:53:16 -0500
Subject: gnu: system: Add home-directory-permissions field to <user-account>.

* gnu/system/accounts.scm (<user-account>)[home-directory-permissions]: New
field.
(user-account-home-directory-permissions): New accessor.
* gnu/build/activation.scm (activate-users+groups): Use home directory
permission bits from the user account object.
* doc/guix.texi (User Accounts): Document new field.

Signed-off-by: Josselin Poiret <dev@jpoiret.xyz>
---
 gnu/build/activation.scm | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'gnu/build')

diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm
index eea2233563..fd043ca131 100644
--- a/gnu/build/activation.scm
+++ b/gnu/build/activation.scm
@@ -162,14 +162,14 @@ owner-writable in HOME."
 group records) are all available."
   (define (make-home-directory user)
     (let ((home (user-account-home-directory user))
+          (home-permissions (user-account-home-directory-permissions user))
           (pwd  (getpwnam (user-account-name user))))
       (mkdir-p home)
 
       ;; Always set ownership and permissions for home directories of system
-      ;; accounts.  If a service needs looser permissions on its home
-      ;; directories, it can always chmod it in an activation snippet.
+      ;; accounts.
       (chown home (passwd:uid pwd) (passwd:gid pwd))
-      (chmod home #o700)))
+      (chmod home home-permissions)))
 
   (define system-accounts
     (filter (lambda (user)
-- 
cgit v1.2.3