[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Changing permissions of files created with simple-service etc-servic
From: |
Josua Stingelin |
Subject: |
Re: Changing permissions of files created with simple-service etc-service-type |
Date: |
Wed, 16 Feb 2022 16:41:50 +0100 |
> > I'm using the etc-service-type of the simple-service to copy the file. Which
> > works great. But sadly grants read-access to everyone. I'd prefer it only be
> > readable by root.
> >
> > How can I achieve that?
>
> Currently ‘etc-service-type’ does not let you specify permissions. All
> the files that end up in /etc first go through the store though, so
> changing the permission of those files once copied under /etc wouldn’t
> buy you much in terms of confidentiality. For example, there’s a copy
> of ‘wpa_supplicant.conf’ above in your store. For that reason, files
> containing secrets must be handled “out of band”, without Guix support.
>
> I guess changing permissions for /etc could still be useful for those
> programs that verify permission bits and refuse to start if the config
> file is readable by all. However, those programs may have a good reason
> to verify that, so…
>
> Thoughts?
I see. Thanks for the clarification! I will try that approach.