diff options
Diffstat (limited to 'nixos/modules/services/scheduling/atd.nix')
| -rw-r--r-- | nixos/modules/services/scheduling/atd.nix | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/nixos/modules/services/scheduling/atd.nix b/nixos/modules/services/scheduling/atd.nix index 0216c9771c96..77a3f6b51e80 100644 --- a/nixos/modules/services/scheduling/atd.nix +++ b/nixos/modules/services/scheduling/atd.nix @@ -42,6 +42,8 @@ in config = mkIf cfg.enable { + # Not wrapping "batch" because it's a shell script (kernel drops perms + # anyway) and it's patched to invoke the "at" setuid wrapper. security.wrappers = builtins.listToAttrs ( map (program: { name = "${program}"; value = { source = "${at}/bin/${program}"; @@ -49,7 +51,7 @@ in group = "atd"; setuid = true; setgid = true; - };}) [ "at" "atq" "atrm" "batch" ]); + };}) [ "at" "atq" "atrm" ]); environment.systemPackages = [ at ]; |