From 427f1e58a47509406ef23c58dcd607aa0d8f11cd Mon Sep 17 00:00:00 2001 From: Austin Seipp Date: Tue, 14 May 2019 17:54:33 -0500 Subject: [PATCH] nixos/foundationdb: chmod 0770 for logs/data files Slight oversight: this allows members of the FoundationDB group to read logs. Signed-off-by: Austin Seipp --- nixos/modules/services/databases/foundationdb.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/services/databases/foundationdb.nix b/nixos/modules/services/databases/foundationdb.nix index 1505f92e751a..0c7a9d024320 100644 --- a/nixos/modules/services/databases/foundationdb.nix +++ b/nixos/modules/services/databases/foundationdb.nix @@ -389,7 +389,7 @@ in chown -R ${cfg.user}:${cfg.group} ${cfg.pidfile} for x in "${cfg.logDir}" "${cfg.dataDir}"; do - [ ! -d "$x" ] && mkdir -m 0700 -vp "$x"; + [ ! -d "$x" ] && mkdir -m 0770 -vp "$x"; chown -R ${cfg.user}:${cfg.group} "$x"; done