From d07185f986c63fd062c6de0b59096365836a5679 Mon Sep 17 00:00:00 2001
From: Markus Kowalewski
Date: Sat, 1 May 2021 00:15:55 +0200
Subject: [PATCH] nixos/slurm: fix creation of slurmdbd config file replace cp/chmod by install to avoid security issues. See https://github.com/NixOS/nixpkgs/issues/121293
---
 nixos/modules/services/computing/slurm/slurm.nix | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/nixos/modules/services/computing/slurm/slurm.nix b/nixos/modules/services/computing/slurm/slurm.nix
index 0b52f8afed83..a3dee94e2dc5 100644
--- a/nixos/modules/services/computing/slurm/slurm.nix
+++ b/nixos/modules/services/computing/slurm/slurm.nix
@@ -403,9 +403,7 @@ in
 requires = [ "munged.service" "mysql.service" ];
 preStart = ''
- cp ${slurmdbdConf} ${configPath}
- chmod 600 ${configPath}
- chown ${cfg.user} ${configPath}
+ install -m 600 -o ${cfg.user} -T ${slurmdbdConf} ${configPath}
 ${optionalString (cfg.dbdserver.storagePassFile != null) ''
 echo "StoragePass=$(cat ${cfg.dbdserver.storagePassFile})" \
 >> ${configPath}
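Review bot: The password append at the end of the hunk (`echo "StoragePass=$(cat …)" >> ${configPath}`) does not fail when `storagePassFile` is missing or unreadable: `cat` errors inside the command substitution, `echo` still succeeds, and the config ends up with an empty `StoragePass=` line. Reading the secret in its own statement, `pass=$(cat ${cfg.dbdserver.storagePassFile})` followed by `echo "StoragePass=$pass" >> ${configPath}`, lets the failure abort preStart, assuming the script runs with errexit (not visible here). A one-line comment above the `install` call saying why it replaced cp/chmod/chown (the commit message only says "security issues") would also keep a later cleanup from reverting it. The preStart string continues past the end of the hunk.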