/home/user permissions

I would like to grant users in the “users” group permission to see other users directories. I can do this manually with chmod g+rx /home/userX but every time I reconfigure the system the permissions are retest.
The users are created with

users.users.userX = {
    isNormalUser = true;
    home = "/home/userX";
    description = "X";
    uid = 100X;
    extraGroups = [ "users" ];

and the “home” with

fileSystems."/home" = {
    device = "/dev/pool/home";
    fsType = "ext4";

Is there some option I can use?

As I understand 0700 is hardcoded at nixpkgs/update-users-groups.pl at 2e8714c5fce5eda820dbc542afbf5a7e3f026aa2 · NixOS/nixpkgs · GitHub and has no configuration to alter it. I did something similar locally as:

  system.activationScripts.foo_home_read = pkgs.lib.stringAfter [ "users" ]
      chmod g+rx /home/foo

I’d say it would be useful to have a users.users knob.

I agree that a configuration option in users.users would be nice.

Thanks for the clarification and the workaround.

I’ve created a PR adding an option to specify the home mode

1 Like