rereading this now I don't fully agree with the home perms section... oops
Migrate to a Newer Version of Nixpkgs
# Determine the channel name you're using
nix-channel --list
nix-channel --remove <OLD_CHANNEL>
nix-channel --add <NEW_CHANNEL> # e.g. https://nixos.org/channels/nixos-25.05
nix-channel --update
# Now upgrade system profile (log stdout and stderr to file in case of failure)
nixos-rebuild boot --upgrade 2>&1 | tee rebuild.log
Security Implications
NixOS Default Home Permissions
# Executing from $HOME
>>> mkdir example.d && ls -ld example.d
drwxr-xr-x 1 me users 1 Jul 25 10:13 example.d
>>> echo > example.f && ls -l example.f
-rw-r--r-- 1 me users 1 Jul 25 10:15 example.f
## But these ignore facl?
>>> getfacl "$HOME"
# file: home/me
# owner: me
# group: users
user::rwx
group::---
other::---
Many commands default to permissions that ignore the file access control list (file ACL).
This is not a NixOS-specific issue; however, it isn't ideal from a security perspective.
The simplest solution is a recursive chmod -R 600 ~, but there are plenty of files we
intentionally want to be different (and mode 600 also strips the execute bit that
directories need in order to be entered).
[!TODO] Solution: Make a Nix/Home-Manager package allowing for control over folder permissions. Solution: Also, it should warn if any files owned by $USER have a 2
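Added example (not part of the original notes, and not the Nix/Home-Manager package the TODO proposes): a shell audit that lists entries you own which grant any access to group or other, shows that the mode of a new file follows the umask rather than the mode of $HOME, and tightens a tree without breaking directories. The function names list_exposed, modes_under_umask and tighten are made up for this example; it assumes GNU find, stat and paste.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. Assumes GNU findutils/coreutils.

# list_exposed DIR
# Print "MODE PATH" for every file or directory under DIR that is owned by
# the current user and has any group/other permission bit set.
# Symlinks are skipped because their own mode bits are not enforced.
list_exposed() {
    find "$1" -xdev -uid "$(id -u)" ! -type l -perm /077 -printf '%m %p\n' \
        | LC_ALL=C sort -k2
}

# modes_under_umask MASK DIR
# Create one file and one directory in DIR under the given umask and print
# their octal modes as "FILE_MODE DIR_MODE". Runs in a subshell (note the
# parentheses) so the caller's umask and working directory are untouched.
modes_under_umask() (
    umask "$1"
    cd "$2" || exit 1
    : > probe.f && mkdir probe.d
    stat -c '%a' probe.f probe.d | paste -sd' ' -
    rm -rf probe.f probe.d
)

# tighten DIR
# Remove group/other access from everything list_exposed would report.
# "go-rwx" leaves the owner bits alone, so directories keep their execute
# bit and scripts stay executable, unlike a blanket "chmod -R 600".
tighten() {
    find "$1" -xdev -uid "$(id -u)" ! -type l -perm /077 -exec chmod go-rwx {} +
}

# Stand-alone use: audit the directory given as the first argument.
if [ -n "${1:-}" ]; then
    list_exposed "$1"
fi
```

Putting `umask 077` in the shell profile makes new files 600 and new directories 700 from then on; files that already exist keep their mode until something like tighten is run.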
Further Reading
Finding New Things to Do
man 5 configuration.nix is incredibly useful
similar info can be found at https://mynixos.com/options