Liliana Marie Prikler wrote on Fri 18-03-2022 at 23:36 [+0100]:
> > +(define (auditd-activation config) > > +  (with-imported-modules '((guix build utils)) > > +    #~(begin > > +        (use-modules (guix build utils)) > > +        (let ((var-log-audit "/var/log/audit")) > > +          (umask #o077) > > +          (mkdir-p var-log-audit))))) > > +
> This would also apply umask 077 to /var and /var/log if those don't
> already exist.  More importantly, code executed after that will also
> inherit the umask, which I don't think is the intended consequence.

More concretely, the procedure 'mkdir-p/perms' would address the umask
issue, but not the potential ‘oops too restrictive permissions for /var
and /var/log’ issue.

Additionally, as var-log-audit is only used in a single place, you could
simplify to

  #~(begin (use-modules ...) (mkdir-p/perms "/var/log/audit"))

here.

Greetings,
Maxime.
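
Review bot: in auditd-activation, the bare `(umask #o077)` ahead of `(mkdir-p var-log-audit)` is never restored, so every later step in the same process keeps creating files under 077, and mkdir-p will also create a missing /var or /var/log as 0700. Drop the umask call and set the mode on /var/log/audit alone (mkdir-p/perms, as suggested in the thread, covers the leaf directory), or keep the value returned by `(umask #o077)` and restore it right after the mkdir-p. The `config` parameter is also unused in this body; either use it or note why it is ignored.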
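
The two effects discussed in this thread, reproduced as an added POSIX shell analogue (not code from the patch or from Guix; the function names are hypothetical, and GNU `stat -c` is assumed). It compares the set-umask-then-mkdir pattern with a variant that restricts only the leaf directory, working entirely inside a throwaway temporary directory.

```shell
#!/bin/sh
# Constructed demo: all paths live under a directory made by mktemp.

mode() { stat -c '%a' "$1"; }   # octal permission bits (GNU stat, assumed)

report() {
    echo "$(mode "$1/var") $(mode "$1/var/log") $(mode "$1/var/log/audit") $(mode "$1/later.txt")"
}

# Pattern from the patch: change the umask, then create the whole path.
leaky() {
    umask 077
    mkdir -p "$1/var/log/audit"
    : > "$1/later.txt"          # stands in for code that runs afterwards
    report "$1"
}

# Scoped variant: parents follow the ambient umask, only the leaf is 0700,
# and the umask of the process is never touched.
scoped() {
    mkdir -p "$1/var/log"
    mkdir -m 700 "$1/var/log/audit" 2>/dev/null || chmod 700 "$1/var/log/audit"
    : > "$1/later.txt"
    report "$1"
}

# Run one variant in a subshell with a known ambient umask of 022.
run_in_tmp() {
    ( umask 022; d=$(mktemp -d) || exit 1; "$1" "$d"; rm -rf "$d" )
}

echo "leaky:  $(run_in_tmp leaky)"    # var, var/log, audit, later.txt
echo "scoped: $(run_in_tmp scoped)"
```
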