diff options
author | Bjørn Forsman <bjorn.forsman@gmail.com> | 2021-12-07 10:15:34 +0100 |
---|---|---|
committer | Bjørn Forsman <bjorn.forsman@gmail.com> | 2021-12-07 19:44:20 +0100 |
commit | 8eb814e964bb89e7f996258803626d5d1aa54726 (patch) | |
tree | a1bb8a2f550de3f4359b2401c169cca27419f9a9 /nixos/modules/services/networking/ddclient.nix | |
parent | 075b4b7e3873f7d8dbc1674843232271c57246ab (diff) |
Revert "nixos/ddclient: fix permission for ddclient.conf (#148179)"
This reverts commit 6af3d13bec9b13e8fa8e19594ffbcbe085387bdd. Reported by @arcnmx (https://github.com/NixOS/nixpkgs/pull/148179#issuecomment-987197656): Does this not completely break the service? It doesn't change the owner to the same as the ddclient server (which is somewhat difficult due to it being a DynamicUser), so this now makes the service completely unusable because the config is only readable by its owner, root: ddclient[871397]: WARNING: file /run/ddclient/ddclient.conf: Cannot open file '/run/ddclient/ddclient.conf'. (Permission denied) Given that the RuntimeDirectory was only readable by the ddclient service, the warning this PR fixes was spurious and not indicative of an actual information leak. I'm not sure of what a quick fix would be due to DynamicUser, but would at least request a revert of this so the service can work again?
Diffstat (limited to 'nixos/modules/services/networking/ddclient.nix')
-rw-r--r-- | nixos/modules/services/networking/ddclient.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/services/networking/ddclient.nix b/nixos/modules/services/networking/ddclient.nix index 021b28d5c34f2..8a2c0fc7080cf 100644 --- a/nixos/modules/services/networking/ddclient.nix +++ b/nixos/modules/services/networking/ddclient.nix @@ -29,7 +29,7 @@ let configFile = if (cfg.configFile != null) then cfg.configFile else configFile'; preStart = '' - install --mode=0400 ${configFile} /run/${RuntimeDirectory}/ddclient.conf + install ${configFile} /run/${RuntimeDirectory}/ddclient.conf ${lib.optionalString (cfg.configFile == null) (if (cfg.passwordFile != null) then '' password=$(printf "%q" "$(head -n 1 "${cfg.passwordFile}")") sed -i "s|^password=$|password=$password|" /run/${RuntimeDirectory}/ddclient.conf |