author | Michele Guerini Rocco <rnhmjoj@users.noreply.github.com> | 2021-10-06 08:36:35 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-10-06 08:36:35 +0200 |
commit | e99b3f242c32688cc0b101e53838eff586ce5714 (patch) | |
tree | 4dabaaa791cc1bc8a77950db20e7763558b7003b | |
parent | 01bd5f8e0dc866e28808bd6acc6e1fe65e08cf34 (diff) | |
parent | 31790c81dcffee8c267cbc01f16938497ed172af (diff) | |
Merge pull request #140359 from rnhmjoj/setgid-nobody
nixos: make setgid wrappers root-owned
-rw-r--r-- | nixos/modules/programs/ccache.nix | 2 | ||||
-rw-r--r-- | nixos/modules/programs/mosh.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/mail/opensmtpd.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/mail/postfix.nix | 8 | ||||
-rw-r--r-- | nixos/modules/services/x11/desktop-managers/cde.nix | 2 |
5 files changed, 8 insertions, 8 deletions
diff --git a/nixos/modules/programs/ccache.nix b/nixos/modules/programs/ccache.nix
index 35a4373f612..0f7fd0a3683 100644
--- a/nixos/modules/programs/ccache.nix
+++ b/nixos/modules/programs/ccache.nix
@@ -28,7 +28,7 @@ in {
 # "nix-ccache --show-stats" and "nix-ccache --clear"
 security.wrappers.nix-ccache = {
- owner = "nobody";
+ owner = "root";
 group = "nixbld";
 setuid = false;
 setgid = true;
diff --git a/nixos/modules/programs/mosh.nix b/nixos/modules/programs/mosh.nix
index 359fe23e0ec..e08099e21a0 100644
--- a/nixos/modules/programs/mosh.nix
+++ b/nixos/modules/programs/mosh.nix
@@ -33,7 +33,7 @@ in
 security.wrappers = mkIf cfg.withUtempter {
 utempter = {
 source = "${pkgs.libutempter}/lib/utempter/utempter";
- owner = "nobody";
+ owner = "root";
 group = "utmp";
 setuid = false;
 setgid = true;
diff --git a/nixos/modules/services/mail/opensmtpd.nix b/nixos/modules/services/mail/opensmtpd.nix
index 7c1df2dda82..e7632be2804 100644
--- a/nixos/modules/services/mail/opensmtpd.nix
+++ b/nixos/modules/services/mail/opensmtpd.nix
@@ -103,7 +103,7 @@ in {
 };
 security.wrappers.smtpctl = {
- owner = "nobody";
+ owner = "root";
 group = "smtpq";
 setuid = false;
 setgid = true;
diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix
index 1fc303ffc8b..6fc09682e0c 100644
--- a/nixos/modules/services/mail/postfix.nix
+++ b/nixos/modules/services/mail/postfix.nix
@@ -674,7 +674,7 @@ in
 services.mail.sendmailSetuidWrapper = mkIf config.services.postfix.setSendmail {
 program = "sendmail";
 source = "${pkgs.postfix}/bin/sendmail";
- owner = "nobody";
+ owner = "root";
 group = setgidGroup;
 setuid = false;
 setgid = true;
@@ -683,7 +683,7 @@ in
 security.wrappers.mailq = {
 program = "mailq";
 source = "${pkgs.postfix}/bin/mailq";
- owner = "nobody";
+ owner = "root";
 group = setgidGroup;
 setuid = false;
 setgid = true;
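Review bot: Nothing next to `owner = "root";` in the nix-ccache wrapper records why a setgid-only wrapper is root-owned, so a later edit could reintroduce a shared account here. A one-line comment above the attribute would help, for example `# root-owned: a file's owner may chmod it, so a set-id wrapper must not belong to a shared account such as nobody`. The commit message does not spell out the rationale, so that wording is my reading of it and should be checked against the pull request. The same comment would fit the utempter wrapper in mosh.nix and the smtpctl wrapper in opensmtpd.nix; all three attribute sets continue past the end of their hunks.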
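Review bot: The four postfix wrappers (sendmail, mailq, and the postqueue and postdrop hunks that follow) repeat the same `owner`/`group`/`setuid`/`setgid` lines, which is why this commit has to make the identical edit four times. A single let-bound helper would keep the ownership and mode of every postfix set-id wrapper in one place, so the four cannot drift apart on a later change. Each definition continues past its hunk, so any attribute not visible here would have to be carried into the helper or merged at the call site.

```nix
# one place for ownership and mode of every postfix setgid wrapper
mkSetgidWrapper = program: {
  inherit program;
  source = "${pkgs.postfix}/bin/${program}";
  owner = "root";
  group = setgidGroup;
  setuid = false;
  setgid = true;
};
# … unchanged: remaining let bindings and the rest of config …
services.mail.sendmailSetuidWrapper =
  mkIf config.services.postfix.setSendmail (mkSetgidWrapper "sendmail");
security.wrappers.mailq = mkSetgidWrapper "mailq";
security.wrappers.postqueue = mkSetgidWrapper "postqueue";
security.wrappers.postdrop = mkSetgidWrapper "postdrop";
```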
@@ -692,7 +692,7 @@ in
 security.wrappers.postqueue = {
 program = "postqueue";
 source = "${pkgs.postfix}/bin/postqueue";
- owner = "nobody";
+ owner = "root";
 group = setgidGroup;
 setuid = false;
 setgid = true;
@@ -701,7 +701,7 @@ in
 security.wrappers.postdrop = {
 program = "postdrop";
 source = "${pkgs.postfix}/bin/postdrop";
- owner = "nobody";
+ owner = "root";
 group = setgidGroup;
 setuid = false;
 setgid = true;
diff --git a/nixos/modules/services/x11/desktop-managers/cde.nix b/nixos/modules/services/x11/desktop-managers/cde.nix
index 7eb4d1bf729..6c7105729cf 100644
--- a/nixos/modules/services/x11/desktop-managers/cde.nix
+++ b/nixos/modules/services/x11/desktop-managers/cde.nix
@@ -50,7 +50,7 @@ in {
 security.wrappers = {
 dtmail = {
 setgid = true;
- owner = "nobody";
+ owner = "root";
 group = "mail";
 source = "${pkgs.cdesktopenv}/bin/dtmail";
 }; |
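Review bot: The `dtmail` wrapper in cde.nix is the only one touched by this commit that does not state `setuid = false;`, so a reader has to rely on the option's default to confirm that the binary gains only the `mail` group now that its owner is root. Adding `setuid = false;` beside `setgid = true;` would make the intent explicit and match the other wrappers in this commit. I am assuming the default is already false, in which case this is a readability change only.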