Is it possible sops-nix mkdirs with wrong permissions? #381
Comments
I was pointed here from #391. I worked around your issue using a system activation script that fixes the folder permissions.
The problem is that it's not clear what the right behavior is in that case. Just because owner for the secret is the current user doesn't mean this is the right owner for its parent directory. Just imagine we have /var/lib/some-secret. It would be wrong to create /var/lib with the same owner as some-secret.
I just encountered this issue. A root directory was created in my user home to satisfy the creation of a user file. So, only the directory created is owned by root and secret file is owned by the specified user. Wouldn't be enough to just use same user for If else, what about having an extra option to 'permit' this behavior? As it could avoid the need of adding an ad-hoc activation script and be cleaner.
Is it not better to offload creating of parent directories to systemd-tmpfiles?
Thanks. Sorry about the flawed implementation. Behavior wise: Do you think it is doable to create the directory but owned by the specified user without extra steps being necessary?
results in:
And sure enough:
But my sops config for that file:
Obviously I can fix this one-off, but what's the right better solution?