author Bjørn Forsman <bjorn.forsman@gmail.com> 2016-12-16 22:28:58 +0100
committer Bjørn Forsman <bjorn.forsman@gmail.com> 2016-12-16 23:04:42 +0100
commit ebe67d69d021e8970c717ac05195c07bae33b270
tree 443975801699b2c5625e27e4b1d0ceb43c16d240 /nixos/modules/services
parent e18dac705ad36482880e23d0a89c60c3514cb446
collectd service: change /var/lib/collectd perms: 700 -> 755
The collectd service runs as an unprivileged user by default, so it does
not leak more information to its data directory than any user can obtain
elsewhere by other means.

If people are running it as root and are worried about information leak,
we can add collectd group and set perms to 750.

CC @offlinehacker.

Fixes #21198.
Diffstat (limited to 'nixos/modules/services')
-rw-r--r-- nixos/modules/services/monitoring/collectd.nix 3
1 files changed, 2 insertions, 1 deletions
diff --git a/nixos/modules/services/monitoring/collectd.nix b/nixos/modules/services/monitoring/collectd.nix
index 01c6fb81766..641da60e9ad 100644
--- a/nixos/modules/services/monitoring/collectd.nix
+++ b/nixos/modules/services/monitoring/collectd.nix
@@ -108,7 +108,8 @@ in {
       };
 
       preStart = ''
-        mkdir -m 0700 -p ${cfg.dataDir}
+        mkdir -p ${cfg.dataDir}
+        chmod 755 ${cfg.dataDir}
         install -D /dev/null ${cfg.pidFile}
         if [ "$(id -u)" = 0 ]; then
           chown -R ${cfg.user} ${cfg.dataDir};
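
Review bot: the new `chmod 755 ${cfg.dataDir}` line is unconditional, so the data directory is made world-readable whatever `cfg.user` is set to, including root, which is the case the commit message itself names as a possible information leak. Because this sits in `preStart`, it is re-applied on every service start and will also undo a tighter mode an administrator set by hand. Consider choosing the mode from `cfg.user` (755 only for the unprivileged default, 0700 or the proposed 750 with a collectd group otherwise) or exposing it as a module option. Separately, `${cfg.dataDir}` is unquoted in the `mkdir`, `chmod` and `chown` lines; quoting it would keep a path containing spaces from being split into several arguments.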