diff options
| author | rnhmjoj <rnhmjoj@inventati.org> | 2021-10-03 11:43:13 +0200 |
|---|---|---|
| committer | rnhmjoj <rnhmjoj@inventati.org> | 2021-10-03 11:44:57 +0200 |
| commit | 31790c81dcffee8c267cbc01f16938497ed172af (patch) | |
| tree | 833ade1312a99c22ac689fe281320d675e9c3fd9 | |
| parent | 378d2c5dcec7fef958cca3760448c09a9be2b7a3 (diff) | |
| download | nixpkgs-31790c81dcffee8c267cbc01f16938497ed172af.tar nixpkgs-31790c81dcffee8c267cbc01f16938497ed172af.tar.gz nixpkgs-31790c81dcffee8c267cbc01f16938497ed172af.tar.bz2 nixpkgs-31790c81dcffee8c267cbc01f16938497ed172af.tar.lz nixpkgs-31790c81dcffee8c267cbc01f16938497ed172af.tar.xz nixpkgs-31790c81dcffee8c267cbc01f16938497ed172af.tar.zst nixpkgs-31790c81dcffee8c267cbc01f16938497ed172af.zip | |
nixos: make setgid wrappers root-owned
| -rw-r--r-- | nixos/modules/programs/ccache.nix | 2 | ||||
| -rw-r--r-- | nixos/modules/programs/mosh.nix | 2 | ||||
| -rw-r--r-- | nixos/modules/services/mail/opensmtpd.nix | 2 | ||||
| -rw-r--r-- | nixos/modules/services/mail/postfix.nix | 8 | ||||
| -rw-r--r-- | nixos/modules/services/x11/desktop-managers/cde.nix | 2 |
5 files changed, 8 insertions, 8 deletions
diff --git a/nixos/modules/programs/ccache.nix b/nixos/modules/programs/ccache.nix index 35a4373f612..0f7fd0a3683 100644 --- a/nixos/modules/programs/ccache.nix +++ b/nixos/modules/programs/ccache.nix @@ -28,7 +28,7 @@ in { # "nix-ccache --show-stats" and "nix-ccache --clear" security.wrappers.nix-ccache = { - owner = "nobody"; + owner = "root"; group = "nixbld"; setuid = false; setgid = true; diff --git a/nixos/modules/programs/mosh.nix b/nixos/modules/programs/mosh.nix index 359fe23e0ec..e08099e21a0 100644 --- a/nixos/modules/programs/mosh.nix +++ b/nixos/modules/programs/mosh.nix @@ -33,7 +33,7 @@ in security.wrappers = mkIf cfg.withUtempter { utempter = { source = "${pkgs.libutempter}/lib/utempter/utempter"; - owner = "nobody"; + owner = "root"; group = "utmp"; setuid = false; setgid = true; diff --git a/nixos/modules/services/mail/opensmtpd.nix b/nixos/modules/services/mail/opensmtpd.nix index ef7d53e7d92..e2647b90907 100644 --- a/nixos/modules/services/mail/opensmtpd.nix +++ b/nixos/modules/services/mail/opensmtpd.nix @@ -103,7 +103,7 @@ in { }; security.wrappers.smtpctl = { - owner = "nobody"; + owner = "root"; group = "smtpq"; setuid = false; setgid = true; diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix index da18fae4ca7..6610399cad6 100644 --- a/nixos/modules/services/mail/postfix.nix +++ b/nixos/modules/services/mail/postfix.nix @@ -673,7 +673,7 @@ in services.mail.sendmailSetuidWrapper = mkIf config.services.postfix.setSendmail { program = "sendmail"; source = "${pkgs.postfix}/bin/sendmail"; - owner = "nobody"; + owner = "root"; group = setgidGroup; setuid = false; setgid = true; @@ -682,7 +682,7 @@ in security.wrappers.mailq = { program = "mailq"; source = "${pkgs.postfix}/bin/mailq"; - owner = "nobody"; + owner = "root"; group = setgidGroup; setuid = false; setgid = true; @@ -691,7 +691,7 @@ in security.wrappers.postqueue = { program = "postqueue"; source = "${pkgs.postfix}/bin/postqueue"; - owner = "nobody"; + owner = "root"; group = setgidGroup; setuid = false; setgid = true; @@ -700,7 +700,7 @@ in security.wrappers.postdrop = { program = "postdrop"; source = "${pkgs.postfix}/bin/postdrop"; - owner = "nobody"; + owner = "root"; group = setgidGroup; setuid = false; setgid = true; diff --git a/nixos/modules/services/x11/desktop-managers/cde.nix b/nixos/modules/services/x11/desktop-managers/cde.nix index 24ca82fca79..9c0e482ea9f 100644 --- a/nixos/modules/services/x11/desktop-managers/cde.nix +++ b/nixos/modules/services/x11/desktop-managers/cde.nix @@ -50,7 +50,7 @@ in { security.wrappers = { dtmail = { setgid = true; - owner = "nobody"; + owner = "root"; group = "mail"; source = "${pkgs.cdesktopenv}/bin/dtmail"; }; |