commit 6edc3022ef1f22f4a0d69bf1e6fd17d52740b699 · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

fork atom

Merge pull request #7345 from joachifm/conditional-shadow-setuids

nixos: condition shadow setuid-wrappers on mutableUsers

Peter Simons 10 years ago 6edc3022 4beadc79

options

unified split

Changed files

+4 -2

nixos

modules

programs

shadow.nix

+4 -2

nixos/modules/programs/shadow.nix

···

       100
       100
        
               chgpasswd = { rootOK = true; };

     

       101
       101
        
             };

     

       102
       102
        
       

     

       103
       103
       -
           security.setuidPrograms = [ "passwd" "chfn" "su" "sg" "newgrp"

     

       104
       104
       -
             "newuidmap" "newgidmap"  # new in shadow 4.2.x

     

       103
       103
       +
           security.setuidPrograms = [ "su" "chfn" ]

     

       104
       104
       +
             ++ lib.optionals config.users.mutableUsers

     

       105
       105
       +
             [ "passwd" "sg" "newgrp"

     

       106
       106
       +
               "newuidmap" "newgidmap" # new in shadow 4.2.x

     

       105
       107
        
             ];

     

       106
       108
        
       

     

       107
       109
        
         };