Make Persistent Storage dir non-writable to group
This came up during !1035 (merged):
The root directory of the Persistent Storage
(`/live/persistence/TailsData_unlocked`) is created by the tps backend.
It's owned by `root:root` with permissions `0770`.
It is group-writable so that we can grant write access to other users
with ACLs.
XXX: Is it really necessary for the directory to be group-writable to
be able to grant write access to other users with ACLs?
The following discussion from !1035 (merged) should be addressed:
At least it used to be the case.
Doesn't seem to be the case anymore:
```
# mkdir /tmp/foo
# ls -ld /tmp/foo
drwxr-xr-x 2 root root 40 Mar 23 13:04 /tmp/foo
# setfacl -m user:amnesia:rwx /tmp/foo
# sudo -u amnesia touch /tmp/foo/bar
# ls -l /tmp/foo/bar
-rw-r--r-- 1 amnesia amnesia 0 Mar 23 13:04 /tmp/foo/bar
```
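A simplified model of the Linux POSIX ACL rules (acl(5)) behind the session above, added here as an example; it is not part of the original discussion or of the tps code. Once a named-user entry exists, the group field shown by `ls` is the ACL mask, which caps named entries independently of the owning-group entry. The function names and the `someone` user are hypothetical, and all values are constructed.

```python
# Added example: simplified model of Linux POSIX ACL permission checks (acl(5)).
# Permission values are rwx bitmasks: r=4, w=2, x=1. All data is constructed.

def new_dir(mode):
    """Minimal ACL equivalent to plain mode bits (no named entries, no mask)."""
    return {"user_obj": (mode >> 6) & 7, "group_obj": (mode >> 3) & 7,
            "other": mode & 7, "named_users": {}, "mask": None}

def setfacl_m(acl, user, perms):
    """Model `setfacl -m user:USER:PERMS`: add the entry, then recompute the mask
    as the union of the owning-group entry and all named entries (the default)."""
    named = {**acl["named_users"], user: perms}
    mask = acl["group_obj"]
    for p in named.values():
        mask |= p
    return {**acl, "named_users": named, "mask": mask}

def chmod(acl, mode):
    """Model chmod: when a mask exists, the group bits rewrite the mask,
    not the owning-group entry."""
    out = {**acl, "user_obj": (mode >> 6) & 7, "other": mode & 7}
    key = "group_obj" if acl["mask"] is None else "mask"
    out[key] = (mode >> 3) & 7
    return out

def stat_mode(acl):
    """Mode bits as shown by ls/stat: the group field shows the mask if set."""
    group_field = acl["group_obj"] if acl["mask"] is None else acl["mask"]
    return (acl["user_obj"] << 6) | (group_field << 3) | acl["other"]

def effective(acl, user, owner="root", in_owning_group=False):
    """Permissions granted to `user` (named-group entries omitted for brevity)."""
    mask = 7 if acl["mask"] is None else acl["mask"]
    if user == owner:
        return acl["user_obj"]
    if user in acl["named_users"]:
        return acl["named_users"][user] & mask      # named entries are capped by the mask
    if in_owning_group:
        return acl["group_obj"] & mask
    return acl["other"]

def can_write(acl, user, **kw):
    return bool(effective(acl, user, **kw) & 2)
```

In this model, a `0700` directory that receives `user:amnesia:rwx` reports mode `0770` while its owning-group entry stays `---`, and a later `chmod g-w` lowers the mask and removes the named user's write access.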