nixos/transmission: Enable configuring permissions of home dir #76552
Also: Rename some variables with the "default" prefix.
Another problem is when
I'm not sure I figured out what you mean. Are you saying that the preStart script creating the necessary directories is being run by I'm not sure how exactly your changes improve that, nothing there elevates the permissions of the preStart script so that the
Thanks for clarifying this @bb2020. The question is, are you sure the preStart script won't fail because the ? As for this privileges doubt, according to
This reminds me that @aszlig wrote about a "directories" module in #59988 (comment). I think having something like that in NixOS would be nice, and help with issues like this.
If you ask me, introducing
I've made some changes here that fix both issues, I presume.
It is actually a discouraged method. However, I see it is widely used by many modules 😃
Discouraged? That's interesting.. Have you discovered it's discouraged in an RFC perhaps?
It was previously discussed in some
It'd be nice to talk it over at nixos/RFCs, or the forums.. When I find the time I'll quote you so you could join the discussion :) P.S. I'll test your implementation as well.
BTW, speaking of improvements to this module, does anybody have a clear guess on how to fix these warnings I've been getting lately:
See also #78113 (which hardcodes homedirPermissions to 755). I have not tested the patch in this PR, but reading the diff it looks fine.
I would prefer this over #78113 since I want transmission group members to be able to write/move files inside the transmission directory
For things like e.g. runtime or state directories, systemd can already handle this (as @doronbehar mentioned), but AFAIK it only applies to those standard directory layouts and not arbitrary directories. The module above however is fairly complex (mainly because it also supports POSIX ACLs), so I'm not really sure whether it would be worth introducing additional complexity if it's only used for like 2 modules. Addendum: One advantage that module would have, however, is that it would prevent race conditions regarding mkdir/chmod calls and it also allows configuring permissions of leading directories in a hierarchical way, so if there would be more NixOS modules where this would be useful, I might reconsider upstreaming.
Perhaps a module like that might have more users out-of-tree than in-tree? I know that personally I would use it out-of-tree (for my nixos configs).
This pull request has been mentioned on NixOS Discourse. There might be relevant details there:
I'm closing this as I will (sometime in the future) create a PR with broader changes for permissions of services/modules - as mentioned in that discourse thread^ (https://discourse.nixos.org/t/nixpkgs-policy-as-for-systemd-prestart-setup-scripts-vs-systemd-tmpfiles/5839/1). In the meantime, I'm using: systemd.services.transmission.serviceConfig.ExecStartPre = pkgs.lib.mkForce null;
Motivation for this change
Continuing from @dsg22's work in 077934e, today I noticed that with a downloadDir pointing e.g. to ${homeDir}/Downloads (the default), it's impossible to cd to it since the ${homeDir} permissions are always set to 700. It's funny this hasn't bothered anyone up until now.. With these changes, the default allows 750 access to the ${homeDir} and the ${downloadDir} so at least by default users in the transmission group will be able to access it.
Also, I did some small variable renames I think improve the readability of the service, hope it's OK with you.
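The access problem described in the motivation above, as an added example that is not part of the original pull request or the NixOS module: a shell check that walks from the download directory up to the home directory and reports the first directory whose group search bit is missing. The temporary layout and the function names are constructed for illustration, and it assumes every directory is owned by the same group.

```shell
#!/bin/sh
# Constructed layout: <tmp>/transmission stands in for homeDir and
# <tmp>/transmission/Downloads for downloadDir (both hypothetical paths).

# Succeeds if the group permission triplet of directory $1 includes search (x).
group_has_search() {
    # `ls -ld` prints e.g. "drwxr-x---"; character 7 is the group execute slot.
    # 'x' = search allowed, 's' = search plus setgid, '-' or 'S' = no search.
    case $(ls -ld "$1" | cut -c7) in
        x|s) return 0 ;;
        *)   return 1 ;;
    esac
}

# Walks from target directory $2 up to top directory $1. Prints the first
# directory that denies group search and returns 1; returns 0 if none does.
first_group_block() {
    top=$1
    dir=$2
    while :; do
        if ! group_has_search "$dir"; then
            printf '%s\n' "$dir"
            return 1
        fi
        [ "$dir" = "$top" ] && return 0
        case $dir in /|.) return 2 ;; esac   # target was not below top
        dir=$(dirname "$dir")
    done
}

# Builds the layout with homeDir mode $1 and reports whether the group gets in.
check_home_mode() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/transmission/Downloads"
    chmod 770 "$tmp/transmission/Downloads"   # downloadDir itself is group-writable
    chmod "$1" "$tmp/transmission"
    if blocked=$(first_group_block "$tmp/transmission" "$tmp/transmission/Downloads"); then
        result="homeDir $1: group can reach downloadDir"
    else
        result="homeDir $1: blocked at ${blocked#"$tmp"/}"
    fi
    rm -rf "$tmp"
    printf '%s\n' "$result"
}

check_home_mode 700   # the mode the description says was always set
check_home_mode 750   # the default proposed in this pull request
```

A group-writable downloadDir does not help while its parent lacks the group search bit, which is why the check has to cover every ancestor and not only the target.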