diff options
| author | Bjørn Forsman <bjorn.forsman@gmail.com> | 2021-05-01 15:15:01 +0200 |
|---|---|---|
| committer | Bjørn Forsman <bjorn.forsman@gmail.com> | 2021-05-01 15:16:19 +0200 |
| commit | 225d915e5c4766281fa3d11a7dfe603c0adc963b (patch) | |
| tree | 6513d125b3dafdfb9751fb00a19fb0db724a1d0b /nixos | |
| parent | 7ee53c0c4fe28f81095298893c8c2fd4e7bc2886 (diff) | |
| download | nixpkgs-225d915e5c4766281fa3d11a7dfe603c0adc963b.tar nixpkgs-225d915e5c4766281fa3d11a7dfe603c0adc963b.tar.gz nixpkgs-225d915e5c4766281fa3d11a7dfe603c0adc963b.tar.bz2 nixpkgs-225d915e5c4766281fa3d11a7dfe603c0adc963b.tar.lz nixpkgs-225d915e5c4766281fa3d11a7dfe603c0adc963b.tar.xz nixpkgs-225d915e5c4766281fa3d11a7dfe603c0adc963b.tar.zst nixpkgs-225d915e5c4766281fa3d11a7dfe603c0adc963b.zip | |
nixos/atd: prefer 'install' over 'mkdir/chmod/chown'
I don't think there was a security issue here, but using 'install' is preferred. Ref #121293.
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/modules/services/scheduling/atd.nix | 11 |
1 files changed, 3 insertions, 8 deletions
diff --git a/nixos/modules/services/scheduling/atd.nix b/nixos/modules/services/scheduling/atd.nix index cefe72b0e99..37f6651ec4c 100644 --- a/nixos/modules/services/scheduling/atd.nix +++ b/nixos/modules/services/scheduling/atd.nix @@ -81,14 +81,9 @@ in jobdir=/var/spool/atjobs etcdir=/etc/at - for dir in "$spooldir" "$jobdir" "$etcdir"; do - if [ ! -d "$dir" ]; then - mkdir -p "$dir" - chown atd:atd "$dir" - fi - done - chmod 1770 "$spooldir" "$jobdir" - ${if cfg.allowEveryone then ''chmod a+rwxt "$spooldir" "$jobdir" '' else ""} + install -dm755 -o atd -g atd "$etcdir" + spool_and_job_dir_perms=${if cfg.allowEveryone then "1777" else "1770"} + install -dm"$spool_and_job_dir_perms" -o atd -g atd "$spooldir" "$jobdir" if [ ! -f "$etcdir"/at.deny ]; then touch "$etcdir"/at.deny chown root:atd "$etcdir"/at.deny |