diff options
author | Joachim Fasting <joachifm@fastmail.fm> | 2015-04-12 21:42:50 +0200 |
---|---|---|
committer | Joachim Fasting <joachifm@fastmail.fm> | 2015-04-14 00:27:11 +0200 |
commit | 75ab7bf96035c23293fd1db373ea5f512a0ec6fa (patch) | |
tree | 49bc1cafd42dc34ce91ad355691c1a17bda3705a /nixos/modules/programs/shadow.nix | |
parent | 2d8cfe76a9e4f05e391d30f1654d45dee5993b8a (diff) |
nixos: condition shadow setuid-wrappers on mutableUsers
Having junk setuid wrappers in PATH is annoying.
Diffstat (limited to 'nixos/modules/programs/shadow.nix')
-rw-r--r-- | nixos/modules/programs/shadow.nix | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/nixos/modules/programs/shadow.nix b/nixos/modules/programs/shadow.nix index 895ecb122cb6d..566398d839fd9 100644 --- a/nixos/modules/programs/shadow.nix +++ b/nixos/modules/programs/shadow.nix @@ -100,8 +100,10 @@ in chgpasswd = { rootOK = true; }; }; - security.setuidPrograms = [ "passwd" "chfn" "su" "sg" "newgrp" - "newuidmap" "newgidmap" # new in shadow 4.2.x + security.setuidPrograms = [ "su" "chfn" ] + ++ lib.optionals config.users.mutableUsers + [ "passwd" "sg" "newgrp" + "newuidmap" "newgidmap" # new in shadow 4.2.x ]; }; |