From: Zacchaeus Scheffer <zaccysc@gmail.com>
To: 53752@debbugs.gnu.org
Subject: bug#53752: guix home symlink permissions
Date: Thu, 3 Feb 2022 13:08:12 -0500 [thread overview]
Message-ID: <CAJejy7=okwP6Sous-ab_Ta44CgDDT9i795AxBcaZKyWaM8WErQ@mail.gmail.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 869 bytes --]
I finally migrated my home configuration to guix home. However, it seems
guix home creates all symlinks with 777 permissions. This causes problems
with openssh as it will not recognize my ~/.ssh/authorized_keys. It seems
the directories have reasonable permissions (maybe because they already
existed?), but it seems like someone could in theory edit the symlinks
in-place (though I wasn't able to figure that out).
I formulated based on the example in Section 11.1 of the devel user
manual. You should be able to recreate the problem with (replacing <your
ssh public key here>):
(home-environment
(services
(list
(simple-service
'my-home-files-service
home-files-service-type
(list
`("ssh/authorized_keys"
,(plain-file
"home-authorized-keys"
"<your ssh public key here>")))))))
[-- Attachment #2: Type: text/html, Size: 1114 bytes --]
next reply other threads:[~2022-02-03 18:19 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-03 18:08 Zacchaeus Scheffer [this message]
2022-02-03 19:56 ` bug#53752: guix home symlink permissions Thiago Jung Bauermann via Bug reports for GNU Guix
2022-02-03 21:22 ` Zacchaeus Scheffer
2022-02-03 23:06 ` Thiago Jung Bauermann via Bug reports for GNU Guix
2022-02-04 9:58 ` Liliana Marie Prikler
2022-02-04 18:17 ` Zacchaeus Scheffer
2022-02-07 19:47 ` Zacchaeus Scheffer
2022-02-07 21:02 ` Maxime Devos
2022-02-08 7:01 ` Liliana Marie Prikler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAJejy7=okwP6Sous-ab_Ta44CgDDT9i795AxBcaZKyWaM8WErQ@mail.gmail.com' \
--to=zaccysc@gmail.com \
--cc=53752@debbugs.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).