tailscale/cmd/tailscaled
Aaron Klotz 6b5081ab31 ipn, paths: ensure that the state directory for Windows has the correct perms
ProgramData has a permissive ACL. For us to safely store machine-wide
state information, we must set a more restrictive ACL on our state directory.
We set the ACL so that only tailscaled's user (i.e., LocalSystem) and the
Administrators group may access our directory.

We must include Administrators to ensure that logs continue to be easily
accessible; omitting that group would force users to use special tools to
log in interactively as LocalSystem, which is not ideal.

(Note that the ACL we apply matches the ACL that was used for LocalSystem's
AppData\Local).

There are two cases where we need to reset perms: One is during migration
from the old location to the new. The second case is for clean installations
where we are creating the file store for the first time.

Updates #2856

Signed-off-by: Aaron Klotz <aaron@tailscale.com>
2021-09-24 13:55:11 -07:00
..
debug.go net/portmapper: fix UPnP probing, work against all ports 2021-08-04 12:49:49 -07:00
depaware.txt ipn, paths: ensure that the state directory for Windows has the correct perms 2021-09-24 13:55:11 -07:00
install_darwin.go cmd/tailscaled: remove tailscaled binary on uninstall-system-daemon 2021-03-31 15:44:04 -07:00
install_windows.go ipn/ipnlocal: add file sharing to windows shell 2021-04-23 13:32:33 -07:00
tailscaled_notwindows.go all: gofmt with Go 1.17 2021-08-05 15:54:00 -07:00
tailscaled_windows.go wgengine/router: take a link monitor 2021-07-20 13:43:40 -07:00
tailscaled.defaults cmd/tailscaled: rename relaynode reference in defaults file comment 2020-03-13 14:38:04 -07:00
tailscaled.go tailscaled: try migrating old state on synology devices 2021-08-18 13:45:15 -07:00
tailscaled.openrc tstest/integration/vms: use an in-process logcatcher (#2360) 2021-07-08 14:39:45 -04:00
tailscaled.service cmd/tailscaled: start after NetworkManager and systemd-resolved. 2021-06-15 14:25:44 -07:00