Skip to content

Commit b954728

Browse files
jriscsimo5
jrisc
authored and
simo5
committed
Make systemd use 0700 mode on cache folders
The provided gssproxy.service unit configures /var/lib/gssproxy/clients and /var/lib/gssproxy/rcache as "StateDirectory". However, systemd applies mode 0755 by default on such folders. "StateDirectoryMode" has to be set too to restrict access to root only. Signed-off-by: Julien Rische <[email protected]>
1 parent be676f3 commit b954728

File tree

1 file changed

+1
-0
lines changed

1 file changed

+1
-0
lines changed

systemd/gssproxy.service.in

+1
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,7 @@ Before=rpc-gssd.service
66
[Service]
77
ConfigurationDirectory=gssproxy
88
StateDirectory=gssproxy gssproxy/clients gssproxy/rcache
9+
StateDirectoryMode=0700
910
Environment=KRB5RCACHEDIR=/var/lib/gssproxy/rcache
1011
ExecStart=@sbindir@/gssproxy -i
1112
# This can be changed to notify-reload and ExecReload= can be removed once

0 commit comments

Comments
 (0)