diff options
-rw-r--r-- | nixos/modules/security/pam.nix | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index ee260a097c691..a431817fe1bb3 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -697,7 +697,7 @@ let session required ${config.systemd.package}/lib/security/pam_systemd_home.so '' + optionalString cfg.makeHomeDir '' - session required ${pkgs.pam}/lib/security/pam_mkhomedir.so silent skel=${config.security.pam.makeHomeDir.skelDirectory} umask=0077 + session required ${pkgs.pam}/lib/security/pam_mkhomedir.so silent skel=${config.security.pam.makeHomeDir.skelDirectory} umask=${config.security.pam.makeHomeDir.umask} '' + optionalString cfg.updateWtmp '' session required ${pkgs.pam}/lib/security/pam_lastlog.so silent @@ -902,6 +902,16 @@ in ''; }; + security.pam.makeHomeDir.umask = mkOption { + type = types.str; + default = "0077"; + example = "0022"; + description = lib.mdDoc '' + The user file mode creation mask to use on home directories + newly created by `pam_mkhomedir`. + ''; + }; + security.pam.enableSSHAgentAuth = mkOption { type = types.bool; default = false; |