aboutsummaryrefslogtreecommitdiff
path: root/scripts/nix-profile-daemon.sh.in
diff options
context:
space:
mode:
authorEelco Dolstra <edolstra@gmail.com>2019-10-09 18:01:21 +0200
committerEelco Dolstra <edolstra@gmail.com>2019-10-09 23:34:48 +0200
commit5a303093dcae1e5ce9212616ef18f2ca51020b0d (patch)
tree091df92662ac2fdfe8c5ce4b9eb1f75bc81b5675 /scripts/nix-profile-daemon.sh.in
parent4331eeb13d241dfe2d2e6a01c53915c556cac94f (diff)
Remove world-writability from per-user directories
'nix-daemon' now creates subdirectories for users when they first connect. Fixes #509 (CVE-2019-17365). Should also fix #3127.
Diffstat (limited to 'scripts/nix-profile-daemon.sh.in')
-rw-r--r--scripts/nix-profile-daemon.sh.in13
1 files changed, 0 insertions, 13 deletions
diff --git a/scripts/nix-profile-daemon.sh.in b/scripts/nix-profile-daemon.sh.in
index 23da5e855..3e138ac42 100644
--- a/scripts/nix-profile-daemon.sh.in
+++ b/scripts/nix-profile-daemon.sh.in
@@ -5,12 +5,6 @@ __ETC_PROFILE_NIX_SOURCED=1
export NIX_USER_PROFILE_DIR="@localstatedir@/nix/profiles/per-user/$USER"
export NIX_PROFILES="@localstatedir@/nix/profiles/default $HOME/.nix-profile"
-# Set up the per-user profile.
-mkdir -m 0755 -p $NIX_USER_PROFILE_DIR
-if ! test -O "$NIX_USER_PROFILE_DIR"; then
- echo "WARNING: bad ownership on $NIX_USER_PROFILE_DIR" >&2
-fi
-
if test -w $HOME; then
if ! test -L $HOME/.nix-profile; then
if test "$USER" != root; then
@@ -26,13 +20,6 @@ if test -w $HOME; then
echo "https://nixos.org/channels/nixpkgs-unstable nixpkgs" > $HOME/.nix-channels
fi
- # Create the per-user garbage collector roots directory.
- NIX_USER_GCROOTS_DIR=@localstatedir@/nix/gcroots/per-user/$USER
- mkdir -m 0755 -p $NIX_USER_GCROOTS_DIR
- if ! test -O "$NIX_USER_GCROOTS_DIR"; then
- echo "WARNING: bad ownership on $NIX_USER_GCROOTS_DIR" >&2
- fi
-
# Set up a default Nix expression from which to install stuff.
if [ ! -e $HOME/.nix-defexpr -o -L $HOME/.nix-defexpr ]; then
rm -f $HOME/.nix-defexpr