diff options
author | Frederik Rietdijk <freddyrietdijk@fridh.nl> | 2018-02-05 10:47:23 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-02-05 10:47:23 +0000 |
commit | ba34a70086aebe70302faf79af2ed53925f172af (patch) | |
tree | 2e511c941e5bc06045481617e3ff2e9e8cabb9f3 /nixos/modules/programs | |
parent | 030badc427ff48d3b29ea43109b0612e489d4eff (diff) | |
parent | 8c0558dbb2469b7799515abd108d2fa4adbc4636 (diff) | |
download | nixlib-ba34a70086aebe70302faf79af2ed53925f172af.tar nixlib-ba34a70086aebe70302faf79af2ed53925f172af.tar.gz nixlib-ba34a70086aebe70302faf79af2ed53925f172af.tar.bz2 nixlib-ba34a70086aebe70302faf79af2ed53925f172af.tar.lz nixlib-ba34a70086aebe70302faf79af2ed53925f172af.tar.xz nixlib-ba34a70086aebe70302faf79af2ed53925f172af.tar.zst nixlib-ba34a70086aebe70302faf79af2ed53925f172af.zip |
Merge pull request #33866 from yesbox/fix_newgrp
nixos: sg/newgrp should always be available, not chfn
Diffstat (limited to 'nixos/modules/programs')
-rw-r--r-- | nixos/modules/programs/shadow.nix | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/nixos/modules/programs/shadow.nix b/nixos/modules/programs/shadow.nix index 0f3f42901bab..8ec4169207db 100644 --- a/nixos/modules/programs/shadow.nix +++ b/nixos/modules/programs/shadow.nix @@ -26,8 +26,9 @@ let # Ensure privacy for newly created home directories. UMASK 077 - # Uncomment this to allow non-root users to change their account - #information. This should be made configurable. + # Uncomment this and install chfn SUID to allow non-root + # users to change their account GECOS information. + # This should be made configurable. #CHFN_RESTRICT frwh ''; @@ -103,13 +104,12 @@ in security.wrappers = { su.source = "${pkgs.shadow.su}/bin/su"; - chfn.source = "${pkgs.shadow.out}/bin/chfn"; + sg.source = "${pkgs.shadow.out}/bin/sg"; + newgrp.source = "${pkgs.shadow.out}/bin/newgrp"; newuidmap.source = "${pkgs.shadow.out}/bin/newuidmap"; newgidmap.source = "${pkgs.shadow.out}/bin/newgidmap"; } // (if config.users.mutableUsers then { passwd.source = "${pkgs.shadow.out}/bin/passwd"; - sg.source = "${pkgs.shadow.out}/bin/sg"; - newgrp.source = "${pkgs.shadow.out}/bin/newgrp"; } else {}); }; } |