Set stricter permissions on /nix/store

The nixbld group doesn't need read permission, it only needs write and execute permission. (cherry picked from commit 0667587)
NixOS · Mar 18, 2015 · 224d0d5 · 224d0d5
1 parent a2dc00c
commit 224d0d5
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/nixos/modules/installer/tools/nixos-install.sh b/nixos/modules/installer/tools/nixos-install.sh
@@ -128,7 +128,7 @@ mkdir -m 0755 -p \
     $mountPoint/nix/var/nix/db \
     $mountPoint/nix/var/log/nix/drvs
 
-mkdir -m 1775 -p $mountPoint/nix/store
+mkdir -m 1735 -p $mountPoint/nix/store
 chown root:nixbld $mountPoint/nix/store
 
 

diff --git a/nixos/modules/system/boot/stage-2-init.sh b/nixos/modules/system/boot/stage-2-init.sh
@@ -53,7 +53,7 @@ echo "booting system configuration $systemConfig" > /dev/kmsg
 # Silence chown/chmod to fail gracefully on a readonly filesystem
 # like squashfs.
 chown -f 0:30000 /nix/store
-chmod -f 1775 /nix/store
+chmod -f 1735 /nix/store
 if [ -n "@readOnlyStore@" ]; then
     if ! readonly-mountpoint /nix/store; then
         mount --bind /nix/store /nix/store