Diffstat (limited to 'nixos/modules/security/pam.nix')
-rw-r--r--nixos/modules/security/pam.nix35
1 files changed, 8 insertions, 27 deletions
diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix
index c5088b64bb31..3c944acf6cfa 100644
--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@@ -472,33 +472,14 @@ in
       ++ optionals config.security.pam.enableU2F [ pkgs.pam_u2f ]
       ++ optionals config.security.pam.enableEcryptfs [ pkgs.ecryptfs ];
 
-    security.permissionsWrappers.setuid =
-      [
-        { program = "unix_chkpwd";
-          source = "${pkgs.pam}/sbin/unix_chkpwd.orig";
-          owner = "root";
-          group = "root";
-          setuid = true;
-        }
-
-
-          
-      ] ++ (optional config.security.pam.enableEcryptfs 
-        { program = "umount.ecryptfs_private";
-          source  = "${pkgs.ecryptfs.out}/bin/umount.ecryptfs_private";
-          owner   = "root";
-          group   = "root";
-          setuid  = true;
-        }
-      ) ++ (optional config.security.pam.enableEcryptfs
-        { program = "mount.ecryptfs_private";
-          source  = "${pkgs.ecryptfs.out}/bin/mount.ecryptfs_private";
-          owner   = "root";
-          group   = "root";
-          setuid  = true;
-        }
-      );
-        
+    security.setuidPrograms =
+      optionals config.security.pam.enableEcryptfs [ "mount.ecryptfs_private" "umount.ecryptfs_private" ];
+
+    security.wrappers.unix_chkpwd = {
+      source = "${pkgs.pam}/sbin/unix_chkpwd.orig";
+      owner = "root";
+      setuid = true;
+    };
 
     environment.etc =
       mapAttrsToList (n: v: makePAMService v) config.security.pam.services;
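Review bot: The ecryptfs helpers on the `security.setuidPrograms` line are now given by bare program name instead of the pinned `${pkgs.ecryptfs.out}/bin/...` paths the removed entries used, so which binary receives the setuid-root wrapper presumably depends on whatever provides that name in the system profile rather than on a fixed store path. Since `unix_chkpwd` already moves to `security.wrappers` with an explicit `source`, the two ecryptfs programs could follow the same form, e.g. `security.wrappers."mount.ecryptfs_private" = mkIf config.security.pam.enableEcryptfs { source = "${pkgs.ecryptfs.out}/bin/mount.ecryptfs_private"; owner = "root"; setuid = true; };` and likewise for `umount.ecryptfs_private`. The new `unix_chkpwd` wrapper also drops `group = "root"`, leaving the group to the option default, which is not visible in this hunk; setting it explicitly keeps the privilege attributes of a setuid binary reviewable in one place. The enclosing attribute set starts and ends outside the hunk.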