Hey, Ludovic Courtès writes: > Hi, > > Diego Nicola Barbato skribis: > >> On Guix System the log files (in /var/log) generated by syslogd are >> currently (commit 151f3d4) world readable. They should probably only be >> readable by root (for the same reason that dmesg can only be run by >> root). >> >> It isn't possible to set the umask with fork-exec-constructor, is it? >> Otherwise that might have been a simple solution. > > That would be a nice solution to implement in the Shepherd. If you feel > like giving it a try, that would be great! I've attached two patches for the Shepherd. The first one makes sure that 'exec-command' creates log files with mode #o640 (I thought about making it a parameter instead of hard coding it, but I doubt it would be very useful). The second one makes it possible to set the umask with 'exec-command', 'fork+exec-command', and 'make-forkexec-constructor'. I wasn't quite sure how to avoid a collision with the procedure umask (would `((@ (guile) umask) umask)' have been ok?) so I named the parameter file-creation-mask. I haven't tested the changes. What would be a straight forward way to do that on Guix? Looking at the documentation it doesn't seem possible to swap out the shepherd package of the %shepherd-root-service with 'modify-services'. [...] Regards, Diego