Remove world-writability from per-user directories

'nix-daemon' now creates subdirectories for users when they first connect. Fixes #509 (CVE-2019-17365). Should also fix #3127.
author: Eelco Dolstra <edolstra@gmail.com> 2019-10-09 18:01:21 +0200
committer: Eelco Dolstra <edolstra@gmail.com> 2019-10-09 23:34:48 +0200
commit: 5a303093dcae1e5ce9212616ef18f2ca51020b0d (patch)
tree: 091df92662ac2fdfe8c5ce4b9eb1f75bc81b5675 /nix.spec.in
parent: 4331eeb13d241dfe2d2e6a01c53915c556cac94f (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/nix.spec.in b/nix.spec.in
index 477768c6a..6b9e37637 100644
--- a/nix.spec.in
+++ b/nix.spec.in
@@ -106,7 +106,7 @@ chmod 1775 $RPM_BUILD_ROOT/nix/store
 for d in profiles gcroots;
 do
   mkdir -p $RPM_BUILD_ROOT/nix/var/nix/$d/per-user
-  chmod 1777 $RPM_BUILD_ROOT/nix/var/nix/$d/per-user
+  chmod 755 $RPM_BUILD_ROOT/nix/var/nix/$d/per-user
 done
 
 # fix permission of nix profile
author	Eelco Dolstra <edolstra@gmail.com>	2019-10-09 18:01:21 +0200
committer	Eelco Dolstra <edolstra@gmail.com>	2019-10-09 23:34:48 +0200
commit	5a303093dcae1e5ce9212616ef18f2ca51020b0d (patch)
tree	091df92662ac2fdfe8c5ce4b9eb1f75bc81b5675 /nix.spec.in
parent	4331eeb13d241dfe2d2e6a01c53915c556cac94f (diff)