Browse Source

daemon: Set the umask to 022 when starting.

* nix/nix-daemon/guix-daemon.cc (main): Add 'umask' call.
* test-env.in: Remove use of 'umask'.
gn-latest-20200428
Ludovic Courtès 8 years ago
parent
commit
b49632e793
  1. 6
      nix/nix-daemon/guix-daemon.cc
  2. 4
      test-env.in

6
nix/nix-daemon/guix-daemon.cc

@ -29,6 +29,7 @@
#include <argp.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <exception>
/* Variables used by `nix-daemon.cc'. */
@ -194,6 +195,11 @@ main (int argc, char *argv[])
exit (EXIT_FAILURE);
}
/* Set the umask so that the daemon does not end up creating group-writable
files, which would lead to "suspicious ownership or permission" errors.
See <http://lists.gnu.org/archive/html/bug-guix/2013-07/msg00033.html>. */
umask (S_IWGRP | S_IWOTH);
#ifdef HAVE_CHROOT
settings.useChroot = true;
#else

4
test-env.in

@ -56,10 +56,6 @@ then
# Do that because store.scm calls `canonicalize-path' on it.
mkdir -p "$NIX_STORE_DIR"
# Set the umask to avoid "suspicious ownership or permission" errors.
# See <http://lists.gnu.org/archive/html/bug-guix/2013-07/msg00033.html>.
umask 0022
# Launch the daemon without chroot support because is may be
# unavailable, for instance if we're not running as root.
"@abs_top_builddir@/pre-inst-env" \

Loading…
Cancel
Save