From 7389d32232d572a9b40d99f5c159cda9c361e9ca Mon Sep 17 00:00:00 2001 From: Victor Engmark Date: Fri, 29 Nov 2024 15:00:49 +1300 Subject: [PATCH] nixos/cupsd: Fix permissions on shared directories `/var/cache`, `/var/lib`, and `/var/spool` all have 0755 permissions by default, so should probably be created as such in this script. See #357447 for discussion. --- nixos/modules/services/printing/cupsd.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/modules/services/printing/cupsd.nix b/nixos/modules/services/printing/cupsd.nix index c916839f126c..78251b3721a7 100644 --- a/nixos/modules/services/printing/cupsd.nix +++ b/nixos/modules/services/printing/cupsd.nix @@ -384,6 +384,7 @@ in preStart = lib.optionalString cfg.stateless '' rm -rf /var/cache/cups /var/lib/cups /var/spool/cups '' + '' + (umask 022 && mkdir -p /var/cache /var/lib /var/spool) (umask 077 && mkdir -p /var/cache/cups /var/spool/cups) (umask 022 && mkdir -p ${cfg.tempDir} /var/lib/cups) # While cups will automatically create self-signed certificates if accessed via TLS,