diff options
author | Félix Baylac Jacqué <felix@alternativebit.fr> | 2023-10-25 11:34:39 +0200 |
---|---|---|
committer | Félix Baylac Jacqué <felix@alternativebit.fr> | 2023-10-26 18:25:13 +0200 |
commit | f83fa021937978e79c917c08b3499ba866120284 (patch) | |
tree | 8b87676d871e30a3bfa6a1082d0cbcdda15e2de1 /flake.nix | |
parent | 4b3dee2ca3be35d2df73626ad36a8cddedc41e6f (diff) | |
download | garage-f83fa021937978e79c917c08b3499ba866120284.tar.gz garage-f83fa021937978e79c917c08b3499ba866120284.zip |
Add allow_world_readable_secrets option to config file
Sometimes, the secret files permissions checks gets in the way. It's
by no mean complete, it doesn't take the Posix ACLs into account among
other things. Correctly checking the ACLs would be too involving (see
https://git.deuxfleurs.fr/Deuxfleurs/garage/issues/658#issuecomment-7102)
and would likely still fail in some weird chmod settings.
We're adding a new configuration file key allowing the user to disable
this permission check altogether.
The (already existing) env variable counterpart always take precedence
to this config file option. That's useful in cases where the
configuration file is static and cannot be easily altered.
Fixes https://git.deuxfleurs.fr/Deuxfleurs/garage/issues/658
Co-authored-by: Florian Klink <flokli@flokli.de>
Diffstat (limited to 'flake.nix')
0 files changed, 0 insertions, 0 deletions