diff --git a/gnu/services.scm b/gnu/services.scm
index 7941cd3af0..d631e8dd32 100644
--- a/gnu/services.scm
+++ b/gnu/services.scm
@@ -528,15 +528,20 @@ ACTIVATION-SCRIPT-TYPE."
 (use-modules (gnu build activation) (guix build utils))
+ (define (ensure-file-exists file)
+ (let ((port (open-file file "a0")))
+ (chmod port #o640)
+ (close-port port)))
+
 ;; Make sure the user accounting database exists. If it
 ;; does not exist, 'setutxent' does not create it and
 ;; thus there is no accounting at all.
- (close-port (open-file "/var/run/utmpx" "a0"))
+ (ensure-file-exists "/var/run/utmpx")
 ;; Same for 'wtmp', which is populated by mingetty et
 ;; al.
 (mkdir-p "/var/log")
- (close-port (open-file "/var/log/wtmp" "a0"))
+ (ensure-file-exists "/var/log/wtmp")
 ;; Set up /run/current-system. Among other things this
 ;; sets up locales, which the activation snippets
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 8d9a563e2b..e59b6fea80 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -1436,10 +1436,17 @@ Service Switch}, for an example."
 (documentation "Run the syslog daemon (syslogd).")
 (provision '(syslogd))
 (requirement '(user-processes))
- (start #~(make-forkexec-constructor
- (list #$(syslog-configuration-syslogd config)
- "--rcfile" #$(syslog-configuration-config-file config))
- #:pid-file "/var/run/syslog.pid"))
+ (start #~(let ((fork (make-forkexec-constructor
+ (list #$(syslog-configuration-syslogd config)
+ "--rcfile"
+ #$(syslog-configuration-config-file config))
+ #:pid-file "/var/run/syslog.pid")))
+ (lambda ()
+ ;; Set the umask such that file permissions are #o640.
+ (let ((mask (umask #o137))
+ (pid (fork)))
+ (umask mask)
+ pid))))
 (stop #~(make-kill-destructor))))))
 ;; Snippet adapted from the GNU inetutils manual.
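Review bot: `ensure-file-exists` does more than its name says: the `chmod` on the port runs on every activation, so an already-existing `/var/run/utmpx` or `/var/log/wtmp` is reset to #o640 as well, and nothing in the hunk documents that. A docstring on the helper would make the permission change visible to the next reader, for example `"Create FILE if it does not exist and set its mode to #o640, including when it already exists."`. The hunk sets no owner or group, so with mode 640 any unprivileged reader of these databases presumably loses access unless it shares the file's group; worth confirming that is intended. The enclosing activation gexp starts and ends outside the hunk.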
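Review bot: In the new `start` lambda the umask change is not exception-safe and depends on evaluation order: `mask` and `pid` are bound in one `let`, whose init expressions Scheme may evaluate in any order, and `(umask mask)` is skipped if `(fork)` exits non-locally. Because the lambda appears to run inside the service manager's own process, a failed start would leave #o137 in effect for whatever that process creates afterwards. Binding `mask` first and restoring it from the out-guard of `dynamic-wind` closes both gaps; the lambda also takes no arguments, so confirm the constructor is never called with any. The enclosing service definition starts outside the hunk.

```scheme
;; … unchanged: (start #~(let ((fork (make-forkexec-constructor …))) …
(lambda ()
  ;; Set the umask such that file permissions are #o640.
  (let ((mask (umask #o137)))
    (dynamic-wind
      (const #t)
      fork
      ;; Restore the previous umask even if FORK exits non-locally.
      (lambda () (umask mask)))))
;; … unchanged: (stop #~(make-kill-destructor)) …
```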