Commit Graph

9 Commits (5d6198adeea9cae5e2dd20d755093769e6a5bfdb)

Author SHA1 Message Date
Brad Fitzpatrick 5263c8d0b5 paths: skip unix chmod if state directory is already 0700
Updates #2934

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
3 years ago
Aaron Klotz 21e9f98fc1 ipn, paths: unconditionally attempt to set state dir perms, but only if the state dir is ours
We unconditionally set appropriate perms on the statefile dir.

We look at the basename of the statefile dir, and if it is "tailscale", then
we set perms as appropriate.

Fixes #2925
Updates #2856

Signed-off-by: Aaron Klotz <aaron@tailscale.com>
3 years ago
Aaron Klotz 9ebb5d4205 ipn, paths: ensure that the state directory for Windows has the correct perms
ProgramData has a permissive ACL. For us to safely store machine-wide
state information, we must set a more restrictive ACL on our state directory.
We set the ACL so that only talescaled's user (ie, LocalSystem) and the
Administrators group may access our directory.

We must include Administrators to ensure that logs continue to be easily
accessible; omitting that group would force users to use special tools to
log in interactively as LocalSystem, which is not ideal.

(Note that the ACL we apply matches the ACL that was used for LocalSystem's
AppData\Local).

There are two cases where we need to reset perms: One is during migration
from the old location to the new. The second case is for clean installations
where we are creating the file store for the first time.

Updates #2856

Signed-off-by: Aaron Klotz <aaron@tailscale.com>
3 years ago
Josh Bleecher Snyder a5da4ed981 all: gofmt with Go 1.17
This adds "//go:build" lines and tidies up existing "// +build" lines.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
3 years ago
Brad Fitzpatrick 33bc69cf1f paths: fall back to XDG_DATA_HOME for non-root users' state dir
So peerapi has a default state directory, mostly for netstack mode
testing.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 54e108ff4e paths: update some default paths for darwin 4 years ago
David Anderson dbc99dc0d2 paths: use /var/db for state on BSDs, and /var/run for sockets.
On BSD, /var/db is what linux calls /var/lib.

On modern linux, /run and /var/run are the same directory, but
on BSD the correct path is /var/run, so use that.

Fixes #79

Signed-off-by: David Anderson <dave@natulte.net>
5 years ago
Brad Fitzpatrick 383d86df5f paths: remove some debug logging I left in 5 years ago
Brad Fitzpatrick 65e7c58aa4 cmd/tailscale, cmd/tailscaled, paths: add paths package for default paths
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago