From 51b165c7d20d53b4581622a934a9e0abd7e43800 Mon Sep 17 00:00:00 2001
From: Benno Fünfstück <benno.fuenfstueck@gmail.com>
Date: Fri, 19 Aug 2016 14:47:11 +0200
Subject: nixos/shadow: setuid wrappers for new{uid,gid}map

These utils are not related to user management, so they should be
available even if immutable users are enabled.
---
 nixos/modules/programs/shadow.nix | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'nixos')

diff --git a/nixos/modules/programs/shadow.nix b/nixos/modules/programs/shadow.nix
index 6398509357a6..878c9cc0cf09 100644
--- a/nixos/modules/programs/shadow.nix
+++ b/nixos/modules/programs/shadow.nix
@@ -103,10 +103,9 @@ in
       };
 
     security.setuidPrograms = [ "su" "chfn" ]
+      ++ [ "newuidmap" "newgidmap" ] # new in shadow 4.2.x
       ++ lib.optionals config.users.mutableUsers
-      [ "passwd" "sg" "newgrp"
-        "newuidmap" "newgidmap" # new in shadow 4.2.x
-      ];
+      [ "passwd" "sg" "newgrp" ];
 
   };
 
-- 
cgit 1.4.1