Set stricter permissions on /nix/store

The nixbld group doesn't need read permission, it only needs write and execute permission.
2025-07-13 21:50:33 +03:00 · 2015-01-08 16:57:34 +01:00 · 2015-01-08 16:57:34 +01:00 · 066758758e
commit 066758758e
parent 037af9ffcc
2 changed files with 2 additions and 2 deletions
--- a/nixos/modules/installer/tools/nixos-install.sh
+++ b/nixos/modules/installer/tools/nixos-install.sh
@ -127,7 +127,7 @@ mkdir -m 0755 -p \
    $mountPoint/nix/var/nix/db \
    $mountPoint/nix/var/log/nix/drvs

-mkdir -m 1775 -p $mountPoint/nix/store
+mkdir -m 1735 -p $mountPoint/nix/store
 chown root:nixbld $mountPoint/nix/store


--- a/nixos/modules/system/boot/stage-2-init.sh
+++ b/nixos/modules/system/boot/stage-2-init.sh
@ -51,7 +51,7 @@ echo "booting system configuration $systemConfig" > /dev/kmsg
 # the Nix store.  Note that we can't use "chown root:nixbld" here
 # because users/groups might not exist yet.
 chown 0:30000 /nix/store
-chmod 1775 /nix/store
+chmod 1735 /nix/store
 if [ -n "@readOnlyStore@" ]; then
    if ! readonly-mountpoint /nix/store; then
        mount --bind /nix/store /nix/store