From 7fca8ceaf8fbb1fdb3e4dd08d40a8192281c3695 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <eelco.dolstra@logicblox.com>
Date: Fri, 13 Jul 2012 10:41:48 -0400
Subject: [PATCH] /etc/login.defs: set the mode of new home directories to 700

---
 modules/programs/shadow.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/modules/programs/shadow.nix b/modules/programs/shadow.nix
index 3a348818a97..869f4f85fb4 100644
--- a/modules/programs/shadow.nix
+++ b/modules/programs/shadow.nix
@@ -21,6 +21,9 @@ let
       TTYGROUP     tty
       TTYPERM      0620
 
+      # Ensure privacy for newly created home directories.
+      UMASK        077
+
       # Uncomment this to allow non-root users to change their account
       #information.  This should be made configurable.
       #CHFN_RESTRICT frwh