From d429878daf3e3eb21660ed80934b1d4b0603f6e1 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Fri, 8 Mar 2019 22:48:04 +0100 Subject: activation: Shared system home directories are now 555 and root-owned. Fixes . Reported by Jack Hill . Regression introduced by the combination of 8bb76f3d44c1f5ffec8011819494db306a51d801 and 0ae735bcc8ff7fdc89d67b492bdee9091ee19e86: /var/empty would be 700 and owned by one of the system accounts (thus inaccessible to others), and /var/run/dbus would be 700 as well, thereby preventing D-Bus clients from connecting to the daemon. * gnu/build/activation.scm (duplicates): New procedure. (activate-users+groups)[system-accounts]: New variable. Use it. Make shared system account home directories #o555 and root-owned. * gnu/services/dbus.scm (dbus-activation): Make /var/run/dbus #o755. * gnu/tests/base.scm (run-basic-test): Test the ownership and permissions of /var/empty. --- gnu/services/dbus.scm | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'gnu/services/dbus.scm') diff --git a/gnu/services/dbus.scm b/gnu/services/dbus.scm index 1e24d93ccb..606ee0c2f5 100644 --- a/gnu/services/dbus.scm +++ b/gnu/services/dbus.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès +;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2019 Ludovic Courtès ;;; Copyright © 2015 Sou Bunnbu ;;; ;;; This file is part of GNU Guix. @@ -150,7 +150,11 @@ includes the @code{etc/dbus-1/system.d} directories of each package listed in (let ((user (getpwnam "messagebus"))) (chown "/var/run/dbus" - (passwd:uid user) (passwd:gid user))) + (passwd:uid user) (passwd:gid user)) + + ;; This directory contains the daemon's socket so it must be + ;; world-readable. + (chmod "/var/run/dbus" #o755)) (unless (file-exists? "/etc/machine-id") (format #t "creating /etc/machine-id...~%") -- cgit v1.2.3