author | Peter Bex <peter@more-magic.net> | 2016-04-15 20:53:17 +0200 |
---|---|---|
committer | Peter Bex <peter@more-magic.net> | 2016-04-15 20:53:17 +0200 |
commit | a8b72e64c88182f0ed6e68b778a91b52c3298b4b (patch) | |
tree | 14e9e7488c6fddf0ab4a0b66110d6c2eebf8ce1d | |
parent | 4771c015187292a1cea5932faa195ac22cb1a6be (diff) | |
download | vps-builder-a8b72e64c88182f0ed6e68b778a91b52c3298b4b.tar.gz |
Set permissions of homedirs for newly created users to 700, so nobody
else has access to them by default.
-rw-r--r-- | vps-builder.scm | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/vps-builder.scm b/vps-builder.scm
index da27135..cd6d8e4 100644
--- a/vps-builder.scm
+++ b/vps-builder.scm
@@ -273,6 +273,7 @@
 ;; password would be *locked*, which means "passwd" will prompt
 ;; for a password, but there's none, so it can't be changed.
 (run* (chroot ,root-dir useradd -p "" -m -G ,cs-groups ,user))
+ (change-file-mode ~ #o700) ; Lock down homedir
 (install-directory root-dir ~/.ssh user user #o700)
 (install-file root-dir pubkey
 (make-pathname ~/.ssh "authorized_keys") |
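Review bot: The added `(change-file-mode ~ #o700)` is applied to `~` directly, while the neighbouring `install-directory` and `install-file` calls receive `root-dir` as a separate argument, which suggests `~` may be the path as seen inside the chroot. If that is the case, the chmod resolves against the build host's filesystem rather than the image under `root-dir`, and the new user's home directory keeps the mode useradd gave it. The binding of `~` and the rest of the enclosing procedure are outside the hunk, so this needs confirming; if it holds, routing the call through the chroot like the useradd line, e.g. `(run* (chroot ,root-dir chmod 700 ,~))`, would target the intended directory. Separately, the directory exists with the default mode between `useradd -m` and the chmod; passing `-K UMASK=077` to useradd would create it restricted from the start.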