From 5a2c3352d8f8a08a5ba01542a3f282799e503d33 Mon Sep 17 00:00:00 2001
From: Tobias Geerinckx-Rice <me@tobias.gr>
Date: Sun, 20 Aug 2023 02:00:00 +0200
Subject: [PATCH] Revert "gnu: system: Add home-directory-permissions field to
 <user-account>."

This reverts commit e9a5eebc785cb843034b38c5c5a6dd10904bdf2a, which
as far as I can tell breaks system roll-backs thusly:

[...]
In gnu/build/accounts.scm:
   239:27  3 (_ #<<password-entry> name: "root" password: "x" uid: 0 gid: 0 real-name: "System >)
In unknown file:
           2 (string-join ("root" "x" "0" "0" "System administrator" "/root" #t) ":" #<undefined>)
In ice-9/boot-9.scm:
  1685:16  1 (raise-exception _ #:continuable? _)
  1685:16  0 (raise-exception _ #:continuable? _)

ice-9/boot-9.scm:1685:16: In procedure raise-exception:
In procedure string-append: Wrong type (expecting string): #t
---
 doc/guix.texi            | 4 ----
 gnu/build/activation.scm | 6 +++---
 gnu/system/accounts.scm  | 3 ---
 3 files changed, 3 insertions(+), 10 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 6105195bd9..f82bb99069 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -18057,10 +18057,6 @@ administrator's choice; reconfiguring does @emph{not} change their name.
 @item @code{home-directory}
 This is the name of the home directory for the account.
 
-@item @code{home-directory-permissions} (default: @code{#o700})
-The permission bits for the home directory.  By default, full access is
-granted to the user account and all other access is denied.
-
 @item @code{create-home-directory?} (default: @code{#t})
 Indicates whether the home directory of this account should be created
 if it does not exist yet.
diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm
index fd043ca131..eea2233563 100644
--- a/gnu/build/activation.scm
+++ b/gnu/build/activation.scm
@@ -162,14 +162,14 @@ owner-writable in HOME."
 group records) are all available."
   (define (make-home-directory user)
     (let ((home (user-account-home-directory user))
-          (home-permissions (user-account-home-directory-permissions user))
           (pwd  (getpwnam (user-account-name user))))
       (mkdir-p home)
 
       ;; Always set ownership and permissions for home directories of system
-      ;; accounts.
+      ;; accounts.  If a service needs looser permissions on its home
+      ;; directories, it can always chmod it in an activation snippet.
       (chown home (passwd:uid pwd) (passwd:gid pwd))
-      (chmod home home-permissions)))
+      (chmod home #o700)))
 
   (define system-accounts
     (filter (lambda (user)
diff --git a/gnu/system/accounts.scm b/gnu/system/accounts.scm
index 15b2afe266..e37b733c6d 100644
--- a/gnu/system/accounts.scm
+++ b/gnu/system/accounts.scm
@@ -29,7 +29,6 @@
             user-account-supplementary-groups
             user-account-comment
             user-account-home-directory
-            user-account-home-directory-permissions
             user-account-create-home-directory?
             user-account-shell
             user-account-system?
@@ -71,8 +70,6 @@
   (comment        user-account-comment (default ""))
   (home-directory user-account-home-directory (thunked)
                   (default (default-home-directory this-record)))
-  (home-directory-permissions user-account-home-directory-permissions
-                              (default #o700))
   (create-home-directory? user-account-create-home-directory? ;Boolean
                           (default #t))
   (shell          user-account-shell              ; gexp