JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

nixos/nginx: fixup permissions for Nginx state dir

Browse Source 
The commit b0bbacb521 was a bit too fast
It did set executable bit for log files.

Also, it didn't account for other directories in state dir:
```
 # ls -la /var/spool/nginx/
total 32
drwxr-x--- 8 nginx nginx 4096 Dec 26 12:00 .
drwxr-xr-x 4 root  root  4096 Oct 10 20:24 ..
drwx------ 2 root  root  4096 Oct 10 20:24 client_body_temp
drwx------ 2 root  root  4096 Oct 10 20:24 fastcgi_temp
drwxr-x--- 2 nginx nginx 4096 Dec 26 12:00 logs
drwx------ 2 root  root  4096 Oct 10 20:24 proxy_temp
drwx------ 2 root  root  4096 Oct 10 20:24 scgi_temp
drwx------ 2 root  root  4096 Oct 10 20:24 uwsgi_temp
```

With proposed change, only ownership is changed for state files, and mode is left as is
except that statedir/logs is now group accessible.
This commit is contained in:
danbst 2019-12-26 14:16:29 +02:00
parent 98e6a8b579
commit 50d6e93dc8
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nixos/modules/services/web-servers/nginx/default.nix
View File

@ -671,7 +671,7 @@ in
systemd.tmpfiles.rules = [
"d '${cfg.stateDir}' 0750 ${cfg.user} ${cfg.group} - -"
"d '${cfg.stateDir}/logs' 0750 ${cfg.user} ${cfg.group} - -"
"Z '${cfg.stateDir}/logs' 0750 ${cfg.user} ${cfg.group} - -"
"Z '${cfg.stateDir}' - ${cfg.user} ${cfg.group} - -"
];
systemd.services.nginx = {