From 41db5a756369f5b14d1e67a523ee0940cad56744 Mon Sep 17 00:00:00 2001
From: Ludovic Courtès <ludo@gnu.org>
Date: Tue, 30 May 2017 17:40:39 +0200
Subject: activation: Change permissions on /root to #o700.

Reported by Alex Griffin <a@ajgrf.com>.
Fixes <http://bugs.gnu.org/27135>.

* gnu/build/activation.scm (add-user): When UID is zero, add 'chmod'
call.
* gnu/tests/base.scm (run-basic-test)["permissions on /root"]: New test.
---
 gnu/tests/base.scm | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'gnu/tests/base.scm')

diff --git a/gnu/tests/base.scm b/gnu/tests/base.scm
index e5ac320b74..f5bbfafee3 100644
--- a/gnu/tests/base.scm
+++ b/gnu/tests/base.scm
@@ -199,6 +199,15 @@ (define (user-owned? file)
                          ',users+homes))
                marionette)))
 
+          (test-equal "permissions on /root"
+            #o700
+            (let ((root-home #$(any (lambda (account)
+                                      (and (zero? (user-account-uid account))
+                                           (user-account-home-directory
+                                            account)))
+                                    (operating-system-user-accounts os))))
+              (stat:perms (marionette-eval `(stat ,root-home) marionette))))
+
           (test-equal "no extra home directories"
             '()
 
-- 
cgit v1.2.3