From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id oEWKJlkbDWKhGgEAgWs5BA (envelope-from ) for ; Wed, 16 Feb 2022 16:42:17 +0100 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id gDZTI1kbDWJgigAAauVa8A (envelope-from ) for ; Wed, 16 Feb 2022 16:42:17 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 5412535BFD for ; Wed, 16 Feb 2022 16:42:17 +0100 (CET) Received: from localhost ([::1]:33668 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nKMRc-0005jl-38 for larch@yhetil.org; Wed, 16 Feb 2022 10:42:16 -0500 Received: from eggs.gnu.org ([209.51.188.92]:47996) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nKMRJ-0005jT-7r for guix-devel@gnu.org; Wed, 16 Feb 2022 10:41:57 -0500 Received: from mail-oln040092068063.outbound.protection.outlook.com ([40.92.68.63]:7358 helo=EUR02-HE1-obe.outbound.protection.outlook.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nKMRH-000133-7Y; Wed, 16 Feb 2022 10:41:56 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=F9eu5cRvmpgVRbVGJHZGvBTQDrZflr4XnLT91uKH95Fnzf8rZ2n7F35DhHJJ434uLbL7gxI9uvFqqChrXNP/4Iqc8QY7GzStmm66VHeQCEaIJnEK8Q+y73L9mffFSk/737rrwq0mt+d/iCRk/5v8h6+ysWr2ZnPQpa/VteHcD0uBBfCjqHpN0xiVj1f2/0jOo/pMN9aY5OcceLwdJK2rbw7b8+tH05UoourL6J1g9GLks8u8E1H9+fu/cKgqFi8uROCrtBiXX8k1faWRU3ASpbH9OKW3Lb9ykpmb75jZl5L5Pe08Sqavi6YSAmBY4FbwC2ktLgAs7VmQcjTPhZdLXw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=KseFKGJRF2lHM74nwDITJMr47g94iJGOkPuMIlHsbT0=; b=Dz80LAJfcKtNgz4vhrP5V8g0QLM3Kpl1io5vNFpnYIxwZvFk83cTzpZ6nsZoibVT60D7nmU9Xitrs5Lzi09MKiR+Z4SIOepRyqw6V0tmUmPsElyFrcU0x7IqEOlDrHErk4tgfWSIf2K5I98Eg0UUiW4bPHJraHGHbEZIi7AXGcOdmFDaEBALMR1D//oXwRGNQlsXA5CMVnVMXlsaKJ9Ufy8ZWor/jDss0dg3ca0LEs7aDE4ZXYwteWdu0Xe8rf1vNuo96a9Ypz9TUj0p7aRoQdM4Cii9j3WmZ+ZMWXBk8yb6D3pJ5RW3+JhpUsvLNa/OOPjKY4P9DYSf9LM5IfesnQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=KseFKGJRF2lHM74nwDITJMr47g94iJGOkPuMIlHsbT0=; b=OIkdD04VLL/EQpJAMCvO4In6+aAgqUo6q+WPRY+FaSf3CTmkUeqADjyiaYYMDP6l/2g3/ZtLKT9fdxXCmo6zytEKcisuR3Z08VeImooRk3HXVJ70yCrR0lav31rMKVRMTkf5ZlOZOAlSvHncaUW/MiWmeDiM4JD6YoaI4wnTi0ifXgDEmmVK9iAFYi4XHm10AW5fAaNNI5HQ6AMFemHjBxBhW6gz3P+Y9qEq3dxwMu4n2f1tzp5HlPCjGsZwJJljRX3MvoQJfBlkCtOZ60D0uZaxhgKGd+aoPIkIRA14aiskr71E1u4d7gRkldXmqYA7JEUIniGZN2vVRcJeZ/s7XQ== Received: from DB9PR06MB7657.eurprd06.prod.outlook.com (2603:10a6:10:23e::12) by PAXPR06MB8553.eurprd06.prod.outlook.com (2603:10a6:102:2b5::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4995.14; Wed, 16 Feb 2022 15:41:52 +0000 Received: from DB9PR06MB7657.eurprd06.prod.outlook.com ([fe80::2502:2717:6d5c:d6be]) by DB9PR06MB7657.eurprd06.prod.outlook.com ([fe80::2502:2717:6d5c:d6be%9]) with mapi id 15.20.4975.018; Wed, 16 Feb 2022 15:41:52 +0000 Date: Wed, 16 Feb 2022 16:41:50 +0100 From: Josua Stingelin To: Ludovic =?iso-8859-1?Q?Court=E8s?= Subject: Re: Changing permissions of files created with simple-service etc-service-type Message-ID: References: <87czjpqfvq.fsf@gnu.org> Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <87czjpqfvq.fsf@gnu.org> X-TMN: [N8BJjVQn6lAOC0DqwmYfht4wLcu7KKZL] X-ClientProxiedBy: ZR0P278CA0038.CHEP278.PROD.OUTLOOK.COM (2603:10a6:910:1d::7) To DB9PR06MB7657.eurprd06.prod.outlook.com (2603:10a6:10:23e::12) X-Microsoft-Original-Message-ID: MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 1eb76a39-630c-4d70-768f-08d9f162da55 X-MS-TrafficTypeDiagnostic: PAXPR06MB8553:EE_ X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: gL184W85Gr1eDBCK6U0WUP2cX2CSZ8LN2sjVrHiSQe6P18YntWqNhvOMnSZizz3xm7UTAisLmyPaj7nQiATwu0qunt/r1u0u9YfxA+Ljcr/+XXXOkH70FGHfHyCYNnNPbDpJSpvtbRv9GK08R0V8d66ZSD61tImyFtVbnW+GhcxwKFrkB1b+oe2eZ6UZa1ZFwEqXVJtPQakx/IMiMOUtYpUwWAZ5UnILXKZka+5KWb+SZahVEF1hry8xf5e4NDghzesvWg/5cNa8A8RVhAHBy7UNEHLM2rXcQyCSeJJFT4XqmL3iJxdlHXw0QZCQNt7Qj+ckY6dbzGt0gjYfOkoEjDCQKKcEq/2luOTMdGC9cjdvdxxS/pL4WTYZm+KNRr/L+Eon7oBmgdG9HRrFXeHPHCIH4b1DIpgNtIw6t8YlV5GzuC6iRHwOy76gzCHOt9d8bcA75VYxfHK6gm2iG1LAfiBtSmELj0AjW0UZf7+hkiTYLTnAnfI+5hMwsQ1YcIPOJlLwxfsn3SN/RagOt9ra6VcIoMiVIkj7M+suawumVkk8wz0A3maqP9zCDMjqoNBZR8ukzxH3k1jqDfJ9Aac5xw== X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?Ykx3U05ScyswM2M4RWJWNy9lMVBBdVI0cGZDK3dkdVdwZjJwWC9hNU9ZZ2o0?= =?utf-8?B?Qmh6Tlk4UHNEQ1VFY2dOQXN3eXg5OVI1M1pncnVsejBHME1WV0dHU3ZsR0Nz?= =?utf-8?B?TXdSWlgxbXJ4enZVaW9LM0J2S3RjMWROdkZaM1RtcE1rUjlWSFJuMzJaRjB6?= =?utf-8?B?QStneng0NWRqRC9kRk1GY2FFTGs4cVRBeW9ZdFlxTFNCWVBNdWxCVUNQeThQ?= =?utf-8?B?b2h5Tk8vQzdrb3lsNDliWmtFbWppUWVYS3pGTFhvMDlxQTVZL2IwLzUwYlZv?= =?utf-8?B?YWZKOWU5dXpFZ0N3N3FNL2dFQ3FRcjI2ZUg1ZC80KzRtUUc5Y3dqejY0Yll3?= =?utf-8?B?bGc1OVFqWTdSYWJSaGZrdEJLVm4vRmkwOGNiRTBuZnZNOHZxUEk5dDhDNU5R?= =?utf-8?B?aDhFRWxzZmxBa1U5WGRBVnNaNVplelREcmIzbVo4ajhMQ0JnSWF3VzJVRkdi?= =?utf-8?B?ai9mSDkwM0hmYXgyOEF1T2RpeVM5MmRtaml2NG95VHFBMnQyZlUybmpXUEN0?= =?utf-8?B?cHRpeU9JQS9LYUFveUVPaFg2aXRvZ2Fha2o0eTNwME5UYXBKMWlSUDJMQkhS?= =?utf-8?B?eFl3QmViZXZJZzU1Z2pBRVJmaldnSGlUUVNKRFY3dUErZkNkRHRYbHFBbVMw?= =?utf-8?B?b3Jkb1N3RlNXNzFOZ3JmVzZ0dHhTbU5IWFFpYzJsMWVsS0J2ekFlZGQ0azF0?= =?utf-8?B?WkdvTWlYNXFJK0pWbkNTQ2g1OTJCTzdJLy9MbGZma3NxSGt0VWplS0szWm9L?= =?utf-8?B?bUh6RWgrTUdtcWFRRVdJeXFKQk9ta0RVVFRTdkpEQVpLOHFKQ041blQ5ZmxB?= =?utf-8?B?ZlRzQUZsQkhmdUNkRFQzeUhIeUJsd3BHU3doc3NYaGNqcTRreFRxaTByb2RU?= =?utf-8?B?aS9Za0F6c1I3alpDcWpkTWxkekM4clFqRXVrL29JNEhvSnpkRWUzazZHUnVU?= =?utf-8?B?MlJOZmloejRMM0ZiUUZpV0tPanVYMkwxOXIvdkJidTllZWhMNE1BUWV0blpQ?= =?utf-8?B?M2lVU3Z4SXN0TkwrQTBGK3dsSVVRdnN4U3Z6SklOaHFWQ1EyQ3hjSHhRTzlp?= =?utf-8?B?aW00cUFkeEY4V1Q0U1g2cUZWVXk2SkE1Q0VISTFHVVNzWTBUTmZSL3VhRVQv?= =?utf-8?B?MFg1dXdEODZRQWFoZFMwa0ZieXJvRDQ2SVc2a1VkMEZ2SGYvM2FXUnhtQUNt?= =?utf-8?B?Y3V1RFVEZnNROHRXZHNJVzh3VDJqd0YvRitTUHIwSXVIc1hEd1FGejdGdDZm?= =?utf-8?B?ODRFZTdUSXNmdzZuSGE0a3VQbkw2QWg2QlRSZnMvZXFqUytLZz09?= X-OriginatorOrg: sct-15-20-4755-11-msonline-outlook-6e454.templateTenant X-MS-Exchange-CrossTenant-Network-Message-Id: 1eb76a39-630c-4d70-768f-08d9f162da55 X-MS-Exchange-CrossTenant-AuthSource: DB9PR06MB7657.eurprd06.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Feb 2022 15:41:52.5039 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAXPR06MB8553 Received-SPF: pass client-ip=40.92.68.63; envelope-from=josuast@hotmail.com; helo=EUR02-HE1-obe.outbound.protection.outlook.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: guix-devel@gnu.org Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN X-Migadu-Country: US ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1645026137; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=KseFKGJRF2lHM74nwDITJMr47g94iJGOkPuMIlHsbT0=; b=iEM82LPacdOJbQUy9YxTAhcH7cDxWeACw5+m3Lp94xKPn8hKodwKJIB3wty4nNmVGjuH0W FOF5beDH3kbplZ7QedwJMVzS4QOChRa8TxrqXtBTYbKJOkTUsy7mR5vE8gEo+O0u2Ng8lB meQbRVql/8kJcUauZ5lKyJ8fuMFulEnjD3EFmskLDLJeJ3A0PMgGfwl0LcGcrHzXWrjZhd yeJHlYb/tvEfbOX0qGFPtCK241hiQcvmRDX3JblqAD4Xnazzm/lVbhaSzE13b9JLpE/+3/ xrciGcBFnKdZ+AmVut20MGy8IufCxE1+i+43LWE7w4hdqQe77qkU6Ui3CsXuTg== ARC-Seal: i=2; s=key1; d=yhetil.org; t=1645026137; a=rsa-sha256; cv=pass; b=f5pXUL18LhjfReAAk8qFWdgPPzlpCnKbqA4OHCBgasfVa0Q/WCguIsLc+CEzXgyYjiGIYd Don6Ctmf1rgpfTKhmyzW90wrqEADHw1xMoh7otkXs1skcEjH0KhablvriJL7QZBU/S9dzZ byNLeW5jOVuhrq7eA64yXLydAmLjTFeAXEECA/yDXvoea0Fb79qNjMOvUd2e1NH/JuThzE 297IDEtSQUnIKZvDtMltxSVj5un4MxL5uwUJSZFnTwBDJg21XzlZfkp0u91hB0mcpMDLR1 ONT7gm9MDXAH+e/zJC+Ps6cDLc4zSp1HXF1zMofcTLHyGie8LyG3bQHVfQFc8Q== ARC-Authentication-Results: i=2; aspmx1.migadu.com; dkim=pass header.d=hotmail.com header.s=selector1 header.b=OIkdD04V; arc=pass ("microsoft.com:s=arcselector9901:i=1"); dmarc=pass (policy=none) header.from=hotmail.com; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -10.33 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=hotmail.com header.s=selector1 header.b=OIkdD04V; arc=pass ("microsoft.com:s=arcselector9901:i=1"); dmarc=pass (policy=none) header.from=hotmail.com; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 5412535BFD X-Spam-Score: -10.33 X-Migadu-Scanner: scn0.migadu.com X-TUID: XiUmRvVeGLdY > > I'm using the etc-service-type of the simple-service to copy the file. Which > > works great. But sadly grants read-access to everyone. I'd prefer it only be > > readable by root. > > > > How can I achieve that? > > Currently ‘etc-service-type’ does not let you specify permissions. All > the files that end up in /etc first go through the store though, so > changing the permission of those files once copied under /etc wouldn’t > buy you much in terms of confidentiality. For example, there’s a copy > of ‘wpa_supplicant.conf’ above in your store. For that reason, files > containing secrets must be handled “out of band”, without Guix support. > > I guess changing permissions for /etc could still be useful for those > programs that verify permission bits and refuse to start if the config > file is readable by all. However, those programs may have a good reason > to verify that, so… > > Thoughts? I see. Thanks for the clarification! I will try that approach.