Remove world-writability from per-user directories

'nix-daemon' now creates subdirectories for users when they first
connect.

Fixes #509 (CVE-2019-17365).
Should also fix #3127.

(cherry picked from commit 5a303093dcae1e5ce9212616ef18f2ca51020b0d)

1 files changed, 0 insertions, 13 deletions

diff --git a/scripts/nix-profile-daemon.sh.in b/scripts/nix-profile-daemon.sh.in
index 23da5e8559eb..3e138ac42499 100644
--- a/scripts/nix-profile-daemon.sh.in
+++ b/scripts/nix-profile-daemon.sh.in
@@ -5,12 +5,6 @@ __ETC_PROFILE_NIX_SOURCED=1
 export NIX_USER_PROFILE_DIR="@localstatedir@/nix/profiles/per-user/$USER"
 export NIX_PROFILES="@localstatedir@/nix/profiles/default $HOME/.nix-profile"
 
-# Set up the per-user profile.
-mkdir -m 0755 -p $NIX_USER_PROFILE_DIR
-if ! test -O "$NIX_USER_PROFILE_DIR"; then
-    echo "WARNING: bad ownership on $NIX_USER_PROFILE_DIR" >&2
-fi
-
 if test -w $HOME; then
   if ! test -L $HOME/.nix-profile; then
       if test "$USER" != root; then
@@ -26,13 +20,6 @@ if test -w $HOME; then
       echo "https://nixos.org/channels/nixpkgs-unstable nixpkgs" > $HOME/.nix-channels
   fi
 
-  # Create the per-user garbage collector roots directory.
-  NIX_USER_GCROOTS_DIR=@localstatedir@/nix/gcroots/per-user/$USER
-  mkdir -m 0755 -p $NIX_USER_GCROOTS_DIR
-  if ! test -O "$NIX_USER_GCROOTS_DIR"; then
-      echo "WARNING: bad ownership on $NIX_USER_GCROOTS_DIR" >&2
-  fi
-
   # Set up a default Nix expression from which to install stuff.
   if [ ! -e $HOME/.nix-defexpr -o -L $HOME/.nix-defexpr ]; then
       rm -f $HOME/.nix-defexpr