ddclient: WARNING: file /run/ddclient/ddclient.conf: file /run/ddclient/ddclient.conf must be accessible only by its owner.

[bjornfor]

Issue description

The NixOS module for ddclient installs the config file world-readable, since commit 642c8a8. This results in the following warning from ddclient:

WARNING:  file /run/ddclient/ddclient.conf: file /run/ddclient/ddclient.conf must be accessible only by its owner.

Steps to reproduce

• Enable the NixOS ddclient module: services.ddclient = { enable = true; configFile = "/path/to/ddclient.conf"; }
• When ddclient runs, /path/to/ddclient.conf will appear world-readable as /run/ddclient/ddclient.conf.

Technical details

• system: "x86_64-linux"
• host os: Linux 4.14.74, NixOS, 18.09.821.4dd9cd3f69e (Jellyfish)
• multi-user?: yes
• sandbox: yes
• version: nix-env (Nix) 2.1.1
• channels(bfo): ""
• channels(root): "nixos-18.09.821.4dd9cd3f69e"
• nixpkgs: /nix/var/nix/profiles/per-user/root/channels/nixos

[shdpl]

Should that not be reopened?
Is including -o ddclient and replacing -m666 with -m600 in ExecStartPre like this:
ExecStartPre = "!${lib.getBin pkgs.coreutils}/bin/install -o ddclient -m600 ${cfg.configFile} /run/${RuntimeDirectory}/ddclient.conf";
a valid solution?
I'm not sure if the user name is guaranteed to be unique

[infinisil]

Oh yeah, and the above PR was reverted in #53045 too

[keithy]

Still getting this warning.