daemon: Set the umask to 022 when starting.

* nix/nix-daemon/guix-daemon.cc (main): Add 'umask' call.
* test-env.in: Remove use of 'umask'.
This commit is contained in:
Ludovic Courtès 2013-10-10 21:32:27 +02:00
parent 66fb2d23a3
commit b49632e793
2 changed files with 6 additions and 4 deletions

View file

@ -29,6 +29,7 @@
#include <argp.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <exception>
/* Variables used by `nix-daemon.cc'. */
@ -194,6 +195,11 @@ main (int argc, char *argv[])
exit (EXIT_FAILURE);
}
/* Set the umask so that the daemon does not end up creating group-writable
files, which would lead to "suspicious ownership or permission" errors.
See <http://lists.gnu.org/archive/html/bug-guix/2013-07/msg00033.html>. */
umask (S_IWGRP | S_IWOTH);
#ifdef HAVE_CHROOT
settings.useChroot = true;
#else

View file

@ -56,10 +56,6 @@ then
# Do that because store.scm calls `canonicalize-path' on it.
mkdir -p "$NIX_STORE_DIR"
# Set the umask to avoid "suspicious ownership or permission" errors.
# See <http://lists.gnu.org/archive/html/bug-guix/2013-07/msg00033.html>.
umask 0022
# Launch the daemon without chroot support because is may be
# unavailable, for instance if we're not running as root.
"@abs_top_builddir@/pre-inst-env" \