Hi Guix,
Issue 56444 (
https://issues.guix.gnu.org/56444) was caused by the activate-users+groups procedure in (gnu build activation) unconditionally setting all user home directory permission bits to 700. The fix for that bug was to set the bits for a particular user to 750 in a service activation script. The fix is quite imperfect, however, because during system reconfiguration the bits are temporarily reset back to 700 by activate-users+groups, breaking Guix's promise of atomicity. The proper fix would be to add something like a 'home-directory-permission-bits' field to <user-account>, which defaults to 700, and have activate-users+groups use that value. This way, there will no longer be an unknown amount of time where the bits are reset and potentially breaking some service during that time.
It seems that there is already some support for implementing such a change and I am happy to do the work, but I wanted to ask: Are there any gotchas or issues I should be aware of? It seems straightforward to me but I haven't made modifications to the system code in years. I don't want to be the reason 'guix system reconfigure' fails for someone. :)
Thanks,
- Dave