diff options
author | danbst <abcz2.uprola@gmail.com> | 2019-12-26 14:16:29 +0200 |
---|---|---|
committer | danbst <abcz2.uprola@gmail.com> | 2019-12-26 14:16:29 +0200 |
commit | 50d6e93dc8ce18c22f01989a92390ff21000191f (patch) | |
tree | 16f1aaa919164fd0e4bcc5944dc5a2cc42705732 /nixos/modules/services | |
parent | 98e6a8b5792b960c9f21b8836421b02f1ccdccfd (diff) | |
download | nixlib-50d6e93dc8ce18c22f01989a92390ff21000191f.tar nixlib-50d6e93dc8ce18c22f01989a92390ff21000191f.tar.gz nixlib-50d6e93dc8ce18c22f01989a92390ff21000191f.tar.bz2 nixlib-50d6e93dc8ce18c22f01989a92390ff21000191f.tar.lz nixlib-50d6e93dc8ce18c22f01989a92390ff21000191f.tar.xz nixlib-50d6e93dc8ce18c22f01989a92390ff21000191f.tar.zst nixlib-50d6e93dc8ce18c22f01989a92390ff21000191f.zip |
nixos/nginx: fixup permissions for Nginx state dir
The commit b0bbacb52134a7e731e549f4c0a7a2a39ca6b481 was a bit too fast It did set executable bit for log files. Also, it didn't account for other directories in state dir: ``` # ls -la /var/spool/nginx/ total 32 drwxr-x--- 8 nginx nginx 4096 Dec 26 12:00 . drwxr-xr-x 4 root root 4096 Oct 10 20:24 .. drwx------ 2 root root 4096 Oct 10 20:24 client_body_temp drwx------ 2 root root 4096 Oct 10 20:24 fastcgi_temp drwxr-x--- 2 nginx nginx 4096 Dec 26 12:00 logs drwx------ 2 root root 4096 Oct 10 20:24 proxy_temp drwx------ 2 root root 4096 Oct 10 20:24 scgi_temp drwx------ 2 root root 4096 Oct 10 20:24 uwsgi_temp ``` With proposed change, only ownership is changed for state files, and mode is left as is except that statedir/logs is now group accessible.
Diffstat (limited to 'nixos/modules/services')
-rw-r--r-- | nixos/modules/services/web-servers/nginx/default.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index 7a597163e61e..ada7a25604c4 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix @@ -671,7 +671,7 @@ in systemd.tmpfiles.rules = [ "d '${cfg.stateDir}' 0750 ${cfg.user} ${cfg.group} - -" "d '${cfg.stateDir}/logs' 0750 ${cfg.user} ${cfg.group} - -" - "Z '${cfg.stateDir}/logs' 0750 ${cfg.user} ${cfg.group} - -" + "Z '${cfg.stateDir}' - ${cfg.user} ${cfg.group} - -" ]; systemd.services.nginx = { |