Revert "nixos/ddclient: fix permission for ddclient.conf (#148179)"
This reverts commit 6af3d13bec9b13e8fa8e19594ffbcbe085387bdd. Reported by @arcnmx (https://github.com/NixOS/nixpkgs/pull/148179#issuecomment-987197656): Does this not completely break the service? It doesn't change the owner to the same as the ddclient server (which is somewhat difficult due to it being a DynamicUser), so this now makes the service completely unusable because the config is only readable by its owner, root: ddclient[871397]: WARNING: file /run/ddclient/ddclient.conf: Cannot open file '/run/ddclient/ddclient.conf'. (Permission denied) Given that the RuntimeDirectory was only readable by the ddclient service, the warning this PR fixes was spurious and not indicative of an actual information leak. I'm not sure of what a quick fix would be due to DynamicUser, but would at least request a revert of this so the service can work again?
This commit is contained in:
parent
075b4b7e38
commit
8eb814e964
@ -29,7 +29,7 @@ let
|
||||
configFile = if (cfg.configFile != null) then cfg.configFile else configFile';
|
||||
|
||||
preStart = ''
|
||||
install --mode=0400 ${configFile} /run/${RuntimeDirectory}/ddclient.conf
|
||||
install ${configFile} /run/${RuntimeDirectory}/ddclient.conf
|
||||
${lib.optionalString (cfg.configFile == null) (if (cfg.passwordFile != null) then ''
|
||||
password=$(printf "%q" "$(head -n 1 "${cfg.passwordFile}")")
|
||||
sed -i "s|^password=$|password=$password|" /run/${RuntimeDirectory}/ddclient.conf
|
||||
|
Loading…
Reference in New Issue
Block a user