Remove world-writability from per-user directories

'nix-daemon' now creates subdirectories for users when they first connect. Fixes #509 (CVE-2019-17365). Should also fix #3127. (cherry picked from commit 5a303093dcae1e5ce9212616ef18f2ca51020b0d)
author: Eelco Dolstra <edolstra@gmail.com> 2019-10-09T16·01+0200
committer: Eelco Dolstra <edolstra@gmail.com> 2019-10-09T21·57+0200
commit: 65953789bcd73f098486b0a385b4e661c0ccda19 (patch)
tree: 92a0208f5a4455b89f9549b802dc0f063e64711f /nix.spec.in
parent: 910b0fcc118cce3ade09f252da43fbe2436080e5 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/nix.spec.in b/nix.spec.in
index 477768c6a68c..6b9e3763738f 100644
--- a/nix.spec.in
+++ b/nix.spec.in
@@ -106,7 +106,7 @@ chmod 1775 $RPM_BUILD_ROOT/nix/store
 for d in profiles gcroots;
 do
   mkdir -p $RPM_BUILD_ROOT/nix/var/nix/$d/per-user
-  chmod 1777 $RPM_BUILD_ROOT/nix/var/nix/$d/per-user
+  chmod 755 $RPM_BUILD_ROOT/nix/var/nix/$d/per-user
 done
 
 # fix permission of nix profile
author	Eelco Dolstra <edolstra@gmail.com>	2019-10-09T16·01+0200
committer	Eelco Dolstra <edolstra@gmail.com>	2019-10-09T21·57+0200
commit	65953789bcd73f098486b0a385b4e661c0ccda19 (patch)
tree	92a0208f5a4455b89f9549b802dc0f063e64711f /nix.spec.in
parent	910b0fcc118cce3ade09f252da43fbe2436080e5 (diff)