base-filesystem: pick more conservative access mode for /root/

Let's not allow anyone to look into /root/ if we create it via the base-filesystem logic. i.e. change 0755 → 0750 as default access mode for /root/, in case we create it if it happens to be missing.
author: Lennart Poettering <lennart@poettering.net> 2022-07-13 23:47:31 +0200
committer: Lennart Poettering <lennart@poettering.net> 2022-07-14 18:18:34 +0200
commit: 93cbc9ca12043a13a2a80087a00012e009216f13 (patch)
tree: bbfe0c80d6746e453d7bbfa9e08135559cd10734 /src/shared/base-filesystem.c
parent: Merge pull request #24008 from poettering/tmpfiles-is-dir-fix (diff)
download: systemd-93cbc9ca12043a13a2a80087a00012e009216f13.tar.xz
systemd-93cbc9ca12043a13a2a80087a00012e009216f13.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/src/shared/base-filesystem.c b/src/shared/base-filesystem.c
index 6dacc1d20a..cd8ea49319 100644
--- a/src/shared/base-filesystem.c
+++ b/src/shared/base-filesystem.c
@@ -31,7 +31,7 @@ typedef struct BaseFilesystem {
 static const BaseFilesystem table[] = {
         { "bin",      0, "usr/bin\0",                  NULL },
         { "lib",      0, "usr/lib\0",                  NULL },
-        { "root",  0755, NULL,                         NULL, true },
+        { "root",  0750, NULL,                         NULL, true },
         { "sbin",     0, "usr/sbin\0",                 NULL },
         { "usr",   0755, NULL,                         NULL },
         { "var",   0755, NULL,                         NULL },
author	Lennart Poettering <lennart@poettering.net>	2022-07-13 23:47:31 +0200
committer	Lennart Poettering <lennart@poettering.net>	2022-07-14 18:18:34 +0200
commit	93cbc9ca12043a13a2a80087a00012e009216f13 (patch)
tree	bbfe0c80d6746e453d7bbfa9e08135559cd10734 /src/shared/base-filesystem.c
parent	Merge pull request #24008 from poettering/tmpfiles-is-dir-fix (diff)
download	systemd-93cbc9ca12043a13a2a80087a00012e009216f13.tar.xz systemd-93cbc9ca12043a13a2a80087a00012e009216f13.zip