[Nix-dev] /run/lock permissions

Eelco Dolstra eelco.dolstra at logicblox.com
Sun Aug 26 02:08:47 CEST 2012


Hi,

On 25/08/12 15:22, Mathijs Kwik wrote:

> - just change /run/lock to 755 and create a subdir for logcheck in a
> task/activationscript

This seems like the easiest and most secure solution to me.  That way we don't
have to worry about non-root processes creating locks that should belong to
other users.

> - change /run/lock to 1775 and create a group that is allowed to
> create subdirs in there

I see that Fedora has /var/lock owned by root:lock and 775 permission.  Ubuntu
has root:root and 1777 (which doesn't seem like a good idea to me...).

-- 
Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/


More information about the nix-dev mailing list