authorGuillaume Girol <symphorien@users.noreply.github.com>2021-09-13 18:29:21 +0000
committerGitHub <noreply@github.com>2021-09-13 18:29:21 +0000
commit359203459580a280ae4962d7f7cece321525b872 (patch)
tree5e280c2af8a02a984cc0fa03d3caa87efacc513f /nixos/doc
parentdddf775e4c938b8ae4b0ecfae6ee3d37a850b19e (diff)
parent27f0f8965b91cf8b462fd0ff5a15cbe27746c4c5 (diff)
Merge pull request #133166 from symphorien/nonogroup
Don't default to nogroup for the primary group of users.
Diffstat (limited to 'nixos/doc')
-rw-r--r--nixos/doc/manual/from_md/release-notes/rl-2111.section.xml27
-rw-r--r--nixos/doc/manual/release-notes/rl-2111.section.md19
2 files changed, 46 insertions, 0 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
index 6eaba9111a2..a150e6af717 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
@@ -369,6 +369,33 @@ Superuser created successfully.
       </listitem>
       <listitem>
         <para>
+          <link xlink:href="options.html#opt-users.users._name_.group">users.users.&lt;name&gt;.group</link>
+          no longer defaults to <literal>nogroup</literal>, which was
+          insecure. Out-of-tree modules are likely to require
+          adaptation: instead of
+        </para>
+        <programlisting language="bash">
+{
+  users.users.foo = {
+    isSystemUser = true;
+  };
+}
+</programlisting>
+        <para>
+          also create a group for your user:
+        </para>
+        <programlisting language="bash">
+{
+  users.users.foo = {
+    isSystemUser = true;
+    group = &quot;foo&quot;;
+  };
+  users.groups.foo = {};
+}
+</programlisting>
+      </listitem>
+      <listitem>
+        <para>
           <literal>services.geoip-updater</literal> was broken and has
           been replaced by
           <link xlink:href="options.html#opt-services.geoipupdate.enable">services.geoipupdate</link>.
diff --git a/nixos/doc/manual/release-notes/rl-2111.section.md b/nixos/doc/manual/release-notes/rl-2111.section.md
index b77bd30ea17..56ef6320ac0 100644
--- a/nixos/doc/manual/release-notes/rl-2111.section.md
+++ b/nixos/doc/manual/release-notes/rl-2111.section.md
@@ -136,6 +136,25 @@ subsonic-compatible api. Available as [navidrome](#opt-services.navidrome.enable
 
 - The `erigon` ethereum node has moved it's database location in `2021-08-03`, users upgrading must manually move their chaindata (see [release notes](https://github.com/ledgerwatch/erigon/releases/tag/v2021.08.03)).
 
+- [users.users.&lt;name&gt;.group](options.html#opt-users.users._name_.group) no longer defaults to `nogroup`, which was insecure. Out-of-tree modules are likely to require adaptation: instead of
+  ```nix
+  {
+    users.users.foo = {
+      isSystemUser = true;
+    };
+  }
+  ```
+  also create a group for your user:
+  ```nix
+  {
+    users.users.foo = {
+      isSystemUser = true;
+      group = "foo";
+    };
+    users.groups.foo = {};
+  }
+  ```
+
 - `services.geoip-updater` was broken and has been replaced by [services.geoipupdate](options.html#opt-services.geoipupdate.enable).
 
 - PHP 7.3 is no longer supported due to upstream not supporting this version for the entire lifecycle of the 21.11 release.