diff options
| author | Joachim Fasting <joachifm@fastmail.fm> | 2015-04-12 21:42:50 +0200 |
|---|---|---|
| committer | Joachim Fasting <joachifm@fastmail.fm> | 2015-04-14 00:27:11 +0200 |
| commit | 75ab7bf96035c23293fd1db373ea5f512a0ec6fa (patch) | |
| tree | 49bc1cafd42dc34ce91ad355691c1a17bda3705a /nixos/modules/programs | |
| parent | 2d8cfe76a9e4f05e391d30f1654d45dee5993b8a (diff) | |
| download | nixlib-75ab7bf96035c23293fd1db373ea5f512a0ec6fa.tar nixlib-75ab7bf96035c23293fd1db373ea5f512a0ec6fa.tar.gz nixlib-75ab7bf96035c23293fd1db373ea5f512a0ec6fa.tar.bz2 nixlib-75ab7bf96035c23293fd1db373ea5f512a0ec6fa.tar.lz nixlib-75ab7bf96035c23293fd1db373ea5f512a0ec6fa.tar.xz nixlib-75ab7bf96035c23293fd1db373ea5f512a0ec6fa.tar.zst nixlib-75ab7bf96035c23293fd1db373ea5f512a0ec6fa.zip | |
nixos: condition shadow setuid-wrappers on mutableUsers
Having junk setuid wrappers in PATH is annoying.
Diffstat (limited to 'nixos/modules/programs')
| -rw-r--r-- | nixos/modules/programs/shadow.nix | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/nixos/modules/programs/shadow.nix b/nixos/modules/programs/shadow.nix index 895ecb122cb6..566398d839fd 100644 --- a/nixos/modules/programs/shadow.nix +++ b/nixos/modules/programs/shadow.nix @@ -100,8 +100,10 @@ in chgpasswd = { rootOK = true; }; }; - security.setuidPrograms = [ "passwd" "chfn" "su" "sg" "newgrp" - "newuidmap" "newgidmap" # new in shadow 4.2.x + security.setuidPrograms = [ "su" "chfn" ] + ++ lib.optionals config.users.mutableUsers + [ "passwd" "sg" "newgrp" + "newuidmap" "newgidmap" # new in shadow 4.2.x ]; }; |