From a3d6410535ea6faaa526119495f4b6455c210ad6 Mon Sep 17 00:00:00 2001 From: Reactor Scram Date: Wed, 21 Aug 2024 01:28:45 -0500 Subject: [PATCH] chore(gui-client): fix IPC log permissions (#6355) Closes #6289 Since the IPC service deletes its own logs now, we don't need to allow users in the group `firezone-client` to have write permissions on the logs --- .../src-tauri/deb_files/firezone-client-ipc.service | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rust/gui-client/src-tauri/deb_files/firezone-client-ipc.service b/rust/gui-client/src-tauri/deb_files/firezone-client-ipc.service index eed37b183..175b3a1ba 100644 --- a/rust/gui-client/src-tauri/deb_files/firezone-client-ipc.service +++ b/rust/gui-client/src-tauri/deb_files/firezone-client-ipc.service @@ -7,8 +7,8 @@ CapabilityBoundingSet=CAP_CHOWN CAP_NET_ADMIN DeviceAllow=/dev/net/tun LockPersonality=true LogsDirectory=dev.firezone.client -# Allow users in `firezone` group to delete log files -LogsDirectoryMode=775 +# Allow anyone to read log files +LogsDirectoryMode=755 MemoryDenyWriteExecute=true NoNewPrivileges=true PrivateMounts=true