Re: Changing permissions of files created with simple-service etc-servic

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Changing permissions of files created with simple-service etc-servic

From:	Josua Stingelin
Subject:	Re: Changing permissions of files created with simple-service etc-service-type
Date:	Wed, 16 Feb 2022 16:41:50 +0100

> > I'm using the etc-service-type of the simple-service to copy the file. Which
> > works great. But sadly grants read-access to everyone. I'd prefer it only be
> > readable by root.
> >
> > How can I achieve that?
> 
> Currently ‘etc-service-type’ does not let you specify permissions.  All
> the files that end up in /etc first go through the store though, so
> changing the permission of those files once copied under /etc wouldn’t
> buy you much in terms of confidentiality.  For example, there’s a copy
> of ‘wpa_supplicant.conf’ above in your store.  For that reason, files
> containing secrets must be handled “out of band”, without Guix support.
> 
> I guess changing permissions for /etc could still be useful for those
> programs that verify permission bits and refuse to start if the config
> file is readable by all.  However, those programs may have a good reason
> to verify that, so…
> 
> Thoughts?

I see. Thanks for the clarification! I will try that approach.

[Prev in Thread]

Current Thread

[Next in Thread]

Changing permissions of files created with simple-service etc-service-type, Josua Stingelin, 2022/02/11
- Re: Changing permissions of files created with simple-service etc-service-type, Ludovic Courtès, 2022/02/14
  - Re: Changing permissions of files created with simple-service etc-service-type, Josua Stingelin <=

Prev by Date: Re: Investigating a reproducibility failure
Next by Date: Re: seatd-service-type
Previous by thread: Re: Changing permissions of files created with simple-service etc-service-type
Next by thread: seatd-service-type
Index(es):
- Date
- Thread