base-filesystem: pick more conservative access mode for /root/

Let's not allow anyone to look into /root/ if we create it via the base-filesystem logic. i.e. change 0755 → 0750 as default access mode for /root/, in case we create it if it happens to be missing. (cherry picked from commit 93cbc9c)
systemd · Aug 8, 2022 · 64be8d8 · 64be8d8
1 parent 625472b
commit 64be8d8
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/shared/base-filesystem.c b/src/shared/base-filesystem.c
@@ -31,7 +31,7 @@ typedef struct BaseFilesystem {
 static const BaseFilesystem table[] = {
         { "bin",      0, "usr/bin\0",                  NULL },
         { "lib",      0, "usr/lib\0",                  NULL },
-        { "root",  0755, NULL,                         NULL, true },
+        { "root",  0750, NULL,                         NULL, true },
         { "sbin",     0, "usr/sbin\0",                 NULL },
         { "usr",   0755, NULL,                         NULL },
         { "var",   0755, NULL,                         NULL },