this post was submitted on 21 Apr 2024
14 points (100.0% liked)

Nix / NixOS

1765 readers
3 users here now

Main links

Videos

founded 1 year ago
MODERATORS
 

Hi! I ran into the issue that my kube config, which I manage with home-manager is world read- and writable. I hoped that there is an easy option to set file permissions with home-manager, e.g. home.file."foo".permissions = 0644 but something like this does not exist. All solutions a short web search turns up are overly complicated for something that seems to be a trivial task.

What is the easiest way to set permissions for a file with home-manager?

top 3 comments
sorted by: hot top controversial new old
[–] [email protected] 2 points 6 months ago

I use/abuse "systemd.user.tmpfiles.rules" to ensure important files and folders are present with the desired permissions. These are "for creation, deletion and cleaning of volatile and temporary files automatically", but from what I can tell, if you don't specify values for cleanup etc. then they are just created if they don't exist, permissions adjusted if they do and they are otherwise left alone. See the manpage tmpfiles.d(5) for the exact format.

The config looks something like this:

systemd.user.tmpfiles.rules = [
      "d /home/username/path/to/directory 0750 username groupname - -"
      "f /home/username/path/to/file.ext 0700 username groupname - -"
];`___`

where username and groupname are replaced with the actual values for the user being home-managed.

[–] [email protected] 1 points 6 months ago (1 children)

Thanks for the response. I'll have a look at it. It still astonishes me that there is no off-the-shelf solution to such a trivial and common use case.

[–] [email protected] 2 points 6 months ago

@secana If you manage it with homemanager it will be world readable anyway, since it is a symlink to nix store, and files inside the nix store are always world readable