1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-27 07:22:31 +03:00
systemd/tmpfiles.d/credstore.conf
Lennart Poettering 40fb9eebbc tmpfiles: use same credstore perms everywhere
In b6033b7060 support was added to create
{/etc|/run}/credstore{|.encrypted} via tmpfiles.d with perms 0000. These
perms are so restrictive that not even root can access them unless it
has CAP_DAC_OVERRIDE capability. This is creates the dirs at boot time

In 24039e1207 support was added to create
/etc/credstore with perm 0700 from meson.build at build time.

This patch makes unifies the two parts:

1. creates both /etc/credstore *and* /etc/credstore.encrypted in both
   places (the build system still won't create them in /run/, since
   that's pointless since not shipped, and the runtime won't create the
   dirs below /usr/lib/, since that's not generically writable anyway).

2. Both at runtime and at build time we'll create the dirs with mode
   0700. This is easier for packaging tools to handle since they
   generally react pretty negatively on dirs they can't enumerate.
2023-05-31 11:15:26 +08:00

14 lines
473 B
Plaintext

# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details
d /etc/credstore 0700 root root
d /etc/credstore.encrypted 0700 root root
z /run/credstore 0700 root root
z /run/credstore.encrypted 0700 root root