From ab5380ec82f4740bef1cc522674c49917a8d1f44 Mon Sep 17 00:00:00 2001 From: Renaud Date: Tue, 23 Oct 2018 00:43:41 +0200 Subject: nixos/ddclient: make configFile private /run/ddclient/ddclient.conf should be installed in mode 660 (readable and writeable only by ddclient.service user and group) --- nixos/modules/services/networking/ddclient.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nixos/modules/services/networking') diff --git a/nixos/modules/services/networking/ddclient.nix b/nixos/modules/services/networking/ddclient.nix index 77a9af058c7c..a70967820b32 100644 --- a/nixos/modules/services/networking/ddclient.nix +++ b/nixos/modules/services/networking/ddclient.nix @@ -185,7 +185,7 @@ with lib; RuntimeDirectoryMode = "0750"; StateDirectory = builtins.baseNameOf dataDir; Type = "oneshot"; - ExecStartPre = "!${lib.getBin pkgs.coreutils}/bin/install -m666 ${cfg.configFile} /run/${RuntimeDirectory}/ddclient.conf"; + ExecStartPre = "!${lib.getBin pkgs.coreutils}/bin/install -m660 ${cfg.configFile} /run/${RuntimeDirectory}/ddclient.conf"; ExecStart = "${lib.getBin pkgs.ddclient}/bin/ddclient -file /run/${RuntimeDirectory}/ddclient.conf"; }; }; -- cgit 1.4.1