diff options
author | Niklas Hambüchen <mail@nh2.me> | 2017-04-01 14:42:21 +0200 |
---|---|---|
committer | Niklas Hambüchen <mail@nh2.me> | 2017-04-01 15:22:01 +0200 |
commit | ee0f3e7ad9aa61f02283eb1c18f670703eea20ca (patch) | |
tree | ecaeaa0d3c9ec95d2d6171829c443ae66128d66a /nixos/modules/security | |
parent | b78f16b33772722d19c9cbe4145953f9c4b76fc8 (diff) | |
download | nixlib-ee0f3e7ad9aa61f02283eb1c18f670703eea20ca.tar nixlib-ee0f3e7ad9aa61f02283eb1c18f670703eea20ca.tar.gz nixlib-ee0f3e7ad9aa61f02283eb1c18f670703eea20ca.tar.bz2 nixlib-ee0f3e7ad9aa61f02283eb1c18f670703eea20ca.tar.lz nixlib-ee0f3e7ad9aa61f02283eb1c18f670703eea20ca.tar.xz nixlib-ee0f3e7ad9aa61f02283eb1c18f670703eea20ca.tar.zst nixlib-ee0f3e7ad9aa61f02283eb1c18f670703eea20ca.zip |
acme: Use `chown -R` for challenges directory. Fixes #24529.
Commit 75f131da02c00027b9a8240fb74d117cb0f9d9cf added `chown 'nginx:nginx' '/var/lib/acme'` to the pre-start script, but since it doesn't use `chown -R`, it is possible that there are older existing subdirs (like `acme-challenge`) that are owned to `root` from before that commit went it.
Diffstat (limited to 'nixos/modules/security')
-rw-r--r-- | nixos/modules/security/acme.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix index 703d5ddbd0e2..ada198e0e586 100644 --- a/nixos/modules/security/acme.nix +++ b/nixos/modules/security/acme.nix @@ -178,7 +178,7 @@ in path = [ pkgs.simp_le ]; preStart = '' mkdir -p '${cfg.directory}' - chown '${data.user}:${data.group}' '${cfg.directory}' + chown -R '${data.user}:${data.group}' '${cfg.directory}' if [ ! -d '${cpath}' ]; then mkdir '${cpath}' fi |