adam.robins.wtf / sower
Deployment and lifecycle management for Nix
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

fix: set /var/lib/sower-garden permissions to 700

The StateDirectory defaulted to 0755, exposing the garden state
directory to other users on the system. Set StateDirectoryMode to
0700 so only the sower-garden user can access it.

sow-138

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Adam C. Stephens e0265d4d da2a7e44

+1
+1
nix/nixos/garden.nix
··· 247 247 UMask = "0077"; 248 248 249 249 StateDirectory = "sower-garden"; 250 + StateDirectoryMode = "0700"; 250 251 WorkingDirectory = "%S/sower-garden"; 251 252 252 253 ExecStartPre = [