diff options
| author | Markus Kowalewski <markus.kowalewski@gmail.com> | 2018-11-06 21:59:29 +0100 |
|---|---|---|
| committer | Markus Kowalewski <markus.kowalewski@gmail.com> | 2018-11-06 21:59:29 +0100 |
| commit | a0371d476115a8fab54186664c9cca3d19e9537f (patch) | |
| tree | db3d24306e8d508fe680852f890cd3e893df74c8 /nixos/modules/services/backup/postgresql-backup.nix | |
| parent | 0d30f7b02307e39d0544022a03b450a1679ed068 (diff) | |
| download | nixlib-a0371d476115a8fab54186664c9cca3d19e9537f.tar nixlib-a0371d476115a8fab54186664c9cca3d19e9537f.tar.gz nixlib-a0371d476115a8fab54186664c9cca3d19e9537f.tar.bz2 nixlib-a0371d476115a8fab54186664c9cca3d19e9537f.tar.lz nixlib-a0371d476115a8fab54186664c9cca3d19e9537f.tar.xz nixlib-a0371d476115a8fab54186664c9cca3d19e9537f.tar.zst nixlib-a0371d476115a8fab54186664c9cca3d19e9537f.zip | |
nixos/postgresqlBackup: set to umask to 0077
* Ensure that the backup file is only readable by the owner * Add file permission test to tests
Diffstat (limited to 'nixos/modules/services/backup/postgresql-backup.nix')
| -rw-r--r-- | nixos/modules/services/backup/postgresql-backup.nix | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/nixos/modules/services/backup/postgresql-backup.nix b/nixos/modules/services/backup/postgresql-backup.nix index 2ec78ce6f2cf..f9f9568faa5c 100644 --- a/nixos/modules/services/backup/postgresql-backup.nix +++ b/nixos/modules/services/backup/postgresql-backup.nix @@ -20,6 +20,8 @@ let ''; script = '' + umask 0077 # ensure backup is only readable by postgres user + if [ -e ${cfg.location}/${db}.sql.gz ]; then ${pkgs.coreutils}/bin/mv ${cfg.location}/${db}.sql.gz ${cfg.location}/${db}.prev.sql.gz fi |