From ee7bae3bbd2030d5f2cdb88e484e1c67a063e2a3 Mon Sep 17 00:00:00 2001
From: Ludovic Courtès
Date: Thu, 11 Sep 2014 23:23:07 +0200
Subject: activation: Set the permissions of /etc/sudoers to 440.
* gnu/build/activation.scm (activate-etc): Move 'rm-f' to a local 'define'. When TARGET is "sudoers", make it 440.
---
 gnu/build/activation.scm | 62 ++++++++++++++++++++++++++++------------------------
 1 file changed, 34 insertions(+), 28 deletions(-)
(limited to 'gnu')
diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm
index ee82a078b9..04dd19f3e1 100644
--- a/gnu/build/activation.scm
+++ b/gnu/build/activation.scm
@@ -147,35 +147,41 @@ (define (activate-etc etc)
 ;; /etc is a mixture of static and dynamic settings. Here is where we
 ;; initialize it from the static part.
+ (define (rm-f file)
+ (false-if-exception (delete-file file)))
+
 (format #t "populating /etc from ~a...~%" etc)
- (let ((rm-f (lambda (f)
- (false-if-exception (delete-file f)))))
- (rm-f "/etc/static")
- (symlink etc "/etc/static")
- (for-each (lambda (file)
- (let ((target (string-append "/etc/" file))
- (source (string-append "/etc/static/" file)))
- (rm-f target)
-
- ;; Things such as /etc/sudoers must be regular files, not
- ;; symlinks; furthermore, they could be modified behind our
- ;; back---e.g., with 'visudo'. Thus, make a copy instead of
- ;; symlinking them.
- (if (file-is-directory? source)
- (symlink source target)
- (copy-file source target))))
- (scandir etc
- (lambda (file)
- (not (member file '("." ".."))))
-
- ;; The default is 'string-locale