-rw-r--r--nixos/doc/manual/from_md/release-notes/rl-2205.section.xml9
-rw-r--r--nixos/doc/manual/release-notes/rl-2205.section.md2
-rw-r--r--nixos/modules/config/update-users-groups.pl2
-rw-r--r--nixos/modules/config/users-groups.nix15
4 files changed, 26 insertions, 2 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
index fde5eec857b..c389d19de14 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
@@ -228,6 +228,15 @@
           to your configuration.
         </para>
       </listitem>
+      <listitem>
+        <para>
+          Normal users (with <literal>isNormalUser = true</literal>)
+          which have non-empty <literal>subUidRanges</literal> or
+          <literal>subGidRanges</literal> set no longer have additional
+          implicit ranges allocated. To enable automatic allocation back
+          set <literal>autoSubUidGidRange = true</literal>.
+        </para>
+      </listitem>
     </itemizedlist>
   </section>
   <section xml:id="sec-release-22.05-notable-changes">
diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md
index f8145a1aa9d..c5da4acb87d 100644
--- a/nixos/doc/manual/release-notes/rl-2205.section.md
+++ b/nixos/doc/manual/release-notes/rl-2205.section.md
@@ -77,6 +77,8 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 - `documentation.man` has been refactored to support choosing a man implementation other than GNU's `man-db`. For this, `documentation.man.manualPages` has been renamed to `documentation.man.man-db.manualPages`. If you want to use the new alternative man implementation `mandoc`, add `documentation.man = { enable = true; man-db.enable = false; mandoc.enable = true; }` to your configuration.
 
+- Normal users (with `isNormalUser = true`) which have non-empty `subUidRanges` or `subGidRanges` set no longer have additional implicit ranges allocated. To enable automatic allocation back set `autoSubUidGidRange = true`.
+
 ## Other Notable Changes {#sec-release-22.05-notable-changes}
 
 - The option [services.redis.servers](#opt-services.redis.servers) was added
diff --git a/nixos/modules/config/update-users-groups.pl b/nixos/modules/config/update-users-groups.pl
index 232f886789d..26ce561013b 100644
--- a/nixos/modules/config/update-users-groups.pl
+++ b/nixos/modules/config/update-users-groups.pl
@@ -351,7 +351,7 @@ foreach my $u (values %usersOut) {
         push @subGids, $value;
     }
 
-    if($u->{isNormalUser}) {
+    if($u->{autoSubUidGidRange}) {
         my $subordinate = allocSubUid($name);
         $subUidMap->{$name} = $subordinate;
         my $value = join(":", ($name, $subordinate, 65536));
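Review bot: It is not visible here what happens to a range already recorded in `$subUidMap` once a user's `autoSubUidGidRange` flips to false, since `allocSubUid` and the map's persistence sit outside the hunk. If such an entry could be released and later handed to a different user, that user's subordinate ids would match files created under the first user's old range, so please confirm that old allocations stay reserved. If they do, a comment above the `if` would record it, e.g. `# ranges already in $subUidMap stay reserved for $name even when auto allocation is off`. The body of this `if` continues past the end of the hunk.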
diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix
index a34d2814341..2470d8b5bfe 100644
--- a/nixos/modules/config/users-groups.nix
+++ b/nixos/modules/config/users-groups.nix
@@ -204,6 +204,16 @@ let
         '';
       };
 
+      autoSubUidGidRange = mkOption {
+        type = types.bool;
+        default = false;
+        example = true;
+        description = ''
+          Automatically allocate subordinate user and group ids for this user.
+          Allocated range is currently always of size 65536.
+        '';
+      };
+
       createHome = mkOption {
         type = types.bool;
         default = false;
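Review bot: The description of `autoSubUidGidRange` does not say that the option is switched on implicitly, so a reader of the option docs sees `default = false` and nothing else. The second hunk of this file sets it with `mkDefault true` for normal users that have both `subUidRanges` and `subGidRanges` empty. I would add a sentence to the description such as `Enabled by default for normal users that set neither subUidRanges nor subGidRanges.` so the effective default is documented where the option is declared.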
@@ -320,6 +330,9 @@ let
         (mkIf (!cfg.mutableUsers && config.initialHashedPassword != null) {
           hashedPassword = mkDefault config.initialHashedPassword;
         })
+        (mkIf (config.isNormalUser && config.subUidRanges == [] && config.subGidRanges == []) {
+          autoSubUidGidRange = mkDefault true;
+        })
       ];
 
   };
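Review bot: The new `mkIf` requires both `subUidRanges == []` and `subGidRanges == []`, so a normal user who sets only one of the two lists gets no range at all on the other side. Tools that need matching subordinate uid and gid ranges would presumably fail for such a user, where before this change the implicit allocation covered both. That matches the release note, but it is easy to miss in the code; a comment above the condition would help, e.g. `# setting only one of subUidRanges/subGidRanges disables automatic allocation for both`. The enclosing list begins outside the hunk.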
@@ -419,7 +432,7 @@ let
       { inherit (u)
           name uid group description home createHome isSystemUser
           password passwordFile hashedPassword
-          isNormalUser subUidRanges subGidRanges
+          autoSubUidGidRange subUidRanges subGidRanges
           initialPassword initialHashedPassword;
         shell = utils.toShellPath u.shell;
       }) cfg.users;
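Review bot: `isNormalUser` is removed from the attributes inherited into the user spec and replaced by `autoSubUidGidRange`, so any other read of `$u->{isNormalUser}` in update-users-groups.pl would now see an undefined value and silently evaluate as false. Only one use is changed in this diff, and the rest of the script is not visible here, so please confirm there are no remaining references. If any remain, keeping the old name alongside the new one is enough, i.e. `isNormalUser autoSubUidGidRange subUidRanges subGidRanges`.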