ec2-data: prefer 'install/umask' over 'chmod'

2024-04-08 23:49:36 +02:00
parent b607b9427a
commit 6fd0acb81b
1 changed files with 1 additions and 2 deletions
--- a/nixos/modules/virtualisation/ec2-data.nix
+++ b/nixos/modules/virtualisation/ec2-data.nix
@@ -35,9 +35,8 @@ with lib;
                echo "obtaining SSH key..."
                mkdir -m 0700 -p /root/.ssh
                if [ -s /etc/ec2-metadata/public-keys-0-openssh-key ]; then
-                    cat /etc/ec2-metadata/public-keys-0-openssh-key >> /root/.ssh/authorized_keys
+                    (umask 177; cat /etc/ec2-metadata/public-keys-0-openssh-key >> /root/.ssh/authorized_keys)
                    echo "new key added to authorized_keys"
-                    chmod 600 /root/.ssh/authorized_keys
                fi
            fi