diff options
author | Parnell Springmeyer <parnell@awakenetworks.com> | 2016-07-15 19:10:48 -0500 |
---|---|---|
committer | Parnell Springmeyer <parnell@awakenetworks.com> | 2016-09-01 19:17:43 -0500 |
commit | 390ab0b3eff809052d5b9d9b5335413b36898481 (patch) | |
tree | 15700959b5c568cff51e2e8abafed931bff7e6dd /nixos/modules/programs/shadow.nix | |
parent | 81b33eb46645b1bd3ab5029c0ca2012a24902bb0 (diff) |
everything?: Updating every package that depended on the old setuidPrograms configuration.
Diffstat (limited to 'nixos/modules/programs/shadow.nix')
-rw-r--r-- | nixos/modules/programs/shadow.nix | 49 |
1 files changed, 43 insertions, 6 deletions
diff --git a/nixos/modules/programs/shadow.nix b/nixos/modules/programs/shadow.nix index 878c9cc0cf098..8ee324eaf63f8 100644 --- a/nixos/modules/programs/shadow.nix +++ b/nixos/modules/programs/shadow.nix @@ -102,11 +102,48 @@ in chgpasswd = { rootOK = true; }; }; - security.setuidPrograms = [ "su" "chfn" ] - ++ [ "newuidmap" "newgidmap" ] # new in shadow 4.2.x - ++ lib.optionals config.users.mutableUsers - [ "passwd" "sg" "newgrp" ]; - + security.setuidPrograms = + [ + { program = "su"; + source = "${pkgs.shadow.su}/bin/su"; + user = "root"; + group = "root"; + setuid = true; + } + + { program = "chfn"; + source = "${pkgs.shadow.out}/bin/chfn"; + user = "root"; + group = "root"; + setuid = true; + } + ] ++ + (lib.optionals config.users.mutableUsers + map (x: x // { user = "root"; + group = "root"; + setuid = true; + }) + [ + { program = "passwd"; + source = "${pkgs.shadow.out}/bin/passwd"; + } + + { program = "sg"; + source = "${pkgs.shadow.out}/bin/sg"; + } + + { program = "newgrp"; + source = "${pkgs.shadow.out}/bin/newgrp"; + } + + { program = "newuidmap"; + source = "${pkgs.shadow.out}/bin/newuidmap"; + } + + { program = "newgidmap"; + source = "${pkgs.shadow.out}/bin/newgidmap"; + } + ] + ); }; - } |