Hi,

Ludovic Courtès <[email protected]> writes:

> Perhaps the best fix would be to set the umask explicitly before
> activation snippets run, like so (untested):
> [snip]
> WDYT?

I forgot about those too! I guess they're run in two different contexts: once when `guix reconfigure` happens, and another one in the boot script.

This would work here, but not be nearly enough: in init, you also have the populate-root-file-system procedure which will create many directories without set permissions, and if they are created with a-r, it will also cause havoc (I think the first issue wonko reported was about the directories not being readable).

I still think that the whole init/reconfigure commands should have their umask set to #o022 as a sane default, even for future changes to them: whatever they're touching is supposed to be "the system" itself and not user files, so inherited user-set umasks shouldn't matter. It just feels like we're trying to fight back against 'sudo' preserving things when it shouldn't but alas.

Best,
Josselin Poiret
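The failure mode discussed in this message, as an added shell example that is not part of the original e-mail and is not Guix code: a step that creates directories without explicit modes inherits the caller's umask, and pinning the umask to 022 around that step removes the dependency. The function names and the directory layout are constructed for illustration.

```shell
#!/bin/sh
# Constructed stand-in for a system-populating step: the directories are
# created with no explicit mode, so the process umask decides their bits.
populate_tree() {
    mkdir -p "$1/etc" "$1/var/log" "$1/home"
}

# Same step with the umask pinned in a subshell, so the caller's
# (possibly sudo-preserved) umask no longer matters.
populate_tree_pinned() {
    ( umask 022; populate_tree "$1" )
}

# Print every directory under $1 that "other" cannot both read and traverse.
audit_tree() {
    find "$1" -type d ! -perm -005
}

# Run populate function $2 under inherited umask $1 and print how many
# of the created directories fail the audit.
count_unreadable() {
    (
        umask "$1"
        tmp=$(mktemp -d) || exit 1
        "$2" "$tmp/sys"
        audit_tree "$tmp/sys" | wc -l | tr -d ' '
        rm -rf "$tmp"
    )
}

echo "umask 077, unpinned: $(count_unreadable 077 populate_tree) unreadable dirs"
echo "umask 022, unpinned: $(count_unreadable 022 populate_tree) unreadable dirs"
echo "umask 077, pinned:   $(count_unreadable 077 populate_tree_pinned) unreadable dirs"
```

The audit function on its own can be pointed at an existing tree to list directories that were created under a restrictive umask.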
