New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nixos/nginx: forced change permissions #76174
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you mention in the commit message that the change is there to make migration from the old permissions to the new one possible?
E.g.:
nixos/nginx: recursively change logs directory owner/group
This change brings pre-existing installations (where the logfiles are owned by root) in line with the new permssions (where logfiles are owned by the nginx user)
Also, I'd change the commit message to something more descriptive
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe order is important. I think you should put this at the end instead of beginning. Can't check at the moment, though...
Will follow up.
As described in #56255 (comment), please use
We don't want to make log files executable. We should however have a discussion about |
This change brings pre-existing installations (where the logfiles are owned by root) in line with the new permssions (where logfiles are owned by the nginx user)
Thanks, fixed. |
I've merged this as nginx service is broken without this. Discussion about *_temp is still welcome |
@danbst: the tmpfiles rule is still wrong - it should be a lowercase We're now making log files executable. Can you post a fixup PR which does that? |
@flokli yes |
EDIT: just noticed a glob mention. :doh: @flokli I'm testing With
With
|
@danbst doesn’t work for me either |
@Izorkin it is because little-z expects glob-pattern, like |
@danbst correct worked with: |
This change brings pre-existing installations (where the logfiles are owned by root) in line with the new permssions (where logfiles are owned by the nginx user) (cherry picked from commit b0bbacb)
This change brings pre-existing installations (where the logfiles are owned by root) in line with the new permssions (where logfiles are owned by the nginx user) (cherry picked from commit b0bbacb)
Motivation for this change
Fixed this error - #56255 (comment)
Things done
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/
)nix path-info -S
before and after)Notify maintainers
cc @