author | Luca Bruno <lethalman88@gmail.com> | 2014-05-16 22:37:44 +0200 |
---|---|---|
committer | Luca Bruno <lethalman88@gmail.com> | 2015-01-14 18:32:08 +0100 |
commit | 804a958663786be9067c2924c75f6406612fbc1b (patch) | |
tree | 7bca3287d7ce5755cac48911f1b82500dd05361d | |
parent | 0ab270770bceb681836767d8b09216afb0423b30 (diff) |
pam: add pam_wheel
-rw-r--r-- | nixos/modules/security/pam.nix | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix
index 3b5dd41868be2..65761865859f1 100644
--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@@ -122,6 +122,14 @@ let
 '';
 };
 
+ requireWheel = mkOption {
+ default = false;
+ type = types.bool;
+ description = ''
+ Whether to permit root access only to members of group wheel.
+ '';
+ };
+
 limits = mkOption {
 description = ''
 Attribute set describing resource limits. Defaults to the
@@ -184,6 +192,8 @@ let
 # Authentication management.
 ${optionalString cfg.rootOK
 "auth sufficient pam_rootok.so"}
+ ${optionalString cfg.requireWheel
+ "auth required pam_wheel.so use_uid"}
 ${optionalString cfg.logFailures
 "auth required pam_tally.so"}
 ${optionalString (config.security.pam.enableSSHAgentAuth && cfg.sshAgentAuth) |
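Review bot: The description of `requireWheel` promises a narrower restriction than the rule added in the second hunk appears to enforce. The emitted line is `pam_wheel.so use_uid` without `root_only`, and as far as I know pam_wheel then applies the wheel check whatever the target account is, so on a service such as su a non-wheel user would be refused for every target, not only root. Either append `root_only` to the rule or reword the description, for example `Whether to permit access through this service only to members of group wheel.`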
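Review bot: The new `pam_wheel.so use_uid` rule has no comment saying which services it is meant for, although `requireWheel` is declared as a generic per-service option. With `use_uid` the module tests the real uid of the process running the PAM stack, so the check is meaningful for programs the user invokes directly (su-style); in a daemon that authenticates while running as root it would presumably evaluate root's group membership instead of the applicant's. I would add a line above the rule such as `# pam_wheel use_uid checks the caller's real uid; only useful for su-like services.` and repeat the caveat in the option description. Placing the rule after `pam_rootok.so` looks deliberate, since root then bypasses the wheel check; the template string itself starts and ends outside the hunk.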