authorMichele Guerini Rocco <rnhmjoj@users.noreply.github.com>2021-10-06 08:36:35 +0200
committerGitHub <noreply@github.com>2021-10-06 08:36:35 +0200
commite99b3f242c32688cc0b101e53838eff586ce5714 (patch)
tree4dabaaa791cc1bc8a77950db20e7763558b7003b
parent01bd5f8e0dc866e28808bd6acc6e1fe65e08cf34 (diff)
parent31790c81dcffee8c267cbc01f16938497ed172af (diff)
Merge pull request #140359 from rnhmjoj/setgid-nobody
nixos: make setgid wrappers root-owned
-rw-r--r--nixos/modules/programs/ccache.nix2
-rw-r--r--nixos/modules/programs/mosh.nix2
-rw-r--r--nixos/modules/services/mail/opensmtpd.nix2
-rw-r--r--nixos/modules/services/mail/postfix.nix8
-rw-r--r--nixos/modules/services/x11/desktop-managers/cde.nix2
5 files changed, 8 insertions, 8 deletions
diff --git a/nixos/modules/programs/ccache.nix b/nixos/modules/programs/ccache.nix
index 35a4373f612..0f7fd0a3683 100644
--- a/nixos/modules/programs/ccache.nix
+++ b/nixos/modules/programs/ccache.nix
@@ -28,7 +28,7 @@ in {
 
       # "nix-ccache --show-stats" and "nix-ccache --clear"
       security.wrappers.nix-ccache = {
-        owner = "nobody";
+        owner = "root";
         group = "nixbld";
         setuid = false;
         setgid = true;
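Review bot: Nothing next to `owner = "root";` says why a wrapper with `setuid = false;` is owned by root, so a later reader may take the owner for a privilege grant or switch it back to a service account. A one-line comment above the attribute would settle it, for example `# root-owned so that no unprivileged account can chmod or rewrite the wrapper file; privilege comes only from the setgid group`. The same applies to the utempter wrapper in mosh.nix, smtpctl in opensmtpd.nix, the four postfix wrappers and dtmail in cde.nix. The rationale is inferred from the commit title, since the description gives none, and this attribute set continues past the end of the hunk.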
diff --git a/nixos/modules/programs/mosh.nix b/nixos/modules/programs/mosh.nix
index 359fe23e0ec..e08099e21a0 100644
--- a/nixos/modules/programs/mosh.nix
+++ b/nixos/modules/programs/mosh.nix
@@ -33,7 +33,7 @@ in
     security.wrappers = mkIf cfg.withUtempter {
       utempter = {
         source = "${pkgs.libutempter}/lib/utempter/utempter";
-        owner = "nobody";
+        owner = "root";
         group = "utmp";
         setuid = false;
         setgid = true;
diff --git a/nixos/modules/services/mail/opensmtpd.nix b/nixos/modules/services/mail/opensmtpd.nix
index 7c1df2dda82..e7632be2804 100644
--- a/nixos/modules/services/mail/opensmtpd.nix
+++ b/nixos/modules/services/mail/opensmtpd.nix
@@ -103,7 +103,7 @@ in {
     };
 
     security.wrappers.smtpctl = {
-      owner = "nobody";
+      owner = "root";
       group = "smtpq";
       setuid = false;
       setgid = true;
diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix
index 1fc303ffc8b..6fc09682e0c 100644
--- a/nixos/modules/services/mail/postfix.nix
+++ b/nixos/modules/services/mail/postfix.nix
@@ -674,7 +674,7 @@ in
       services.mail.sendmailSetuidWrapper = mkIf config.services.postfix.setSendmail {
         program = "sendmail";
         source = "${pkgs.postfix}/bin/sendmail";
-        owner = "nobody";
+        owner = "root";
         group = setgidGroup;
         setuid = false;
         setgid = true;
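Review bot: The sendmail, mailq, postqueue and postdrop wrappers each repeat the same `owner`/`group`/`setuid`/`setgid` lines, which is why this commit has to touch four places in this file to change one ownership policy. Binding the shared part once, e.g. `setgidWrapper = { owner = "root"; group = setgidGroup; setuid = false; setgid = true; };`, and writing each wrapper as `setgidWrapper // { program = "mailq"; source = "${pkgs.postfix}/bin/mailq"; }` would keep the four from drifting apart on a later change. Each attribute set continues beyond its hunk, so any further attributes they carry would need to be checked before merging them this way.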
@@ -683,7 +683,7 @@ in
       security.wrappers.mailq = {
         program = "mailq";
         source = "${pkgs.postfix}/bin/mailq";
-        owner = "nobody";
+        owner = "root";
         group = setgidGroup;
         setuid = false;
         setgid = true;
@@ -692,7 +692,7 @@ in
       security.wrappers.postqueue = {
         program = "postqueue";
         source = "${pkgs.postfix}/bin/postqueue";
-        owner = "nobody";
+        owner = "root";
         group = setgidGroup;
         setuid = false;
         setgid = true;
@@ -701,7 +701,7 @@ in
       security.wrappers.postdrop = {
         program = "postdrop";
         source = "${pkgs.postfix}/bin/postdrop";
-        owner = "nobody";
+        owner = "root";
         group = setgidGroup;
         setuid = false;
         setgid = true;
diff --git a/nixos/modules/services/x11/desktop-managers/cde.nix b/nixos/modules/services/x11/desktop-managers/cde.nix
index 7eb4d1bf729..6c7105729cf 100644
--- a/nixos/modules/services/x11/desktop-managers/cde.nix
+++ b/nixos/modules/services/x11/desktop-managers/cde.nix
@@ -50,7 +50,7 @@ in {
     security.wrappers = {
       dtmail = {
         setgid = true;
-        owner = "nobody";
+        owner = "root";
         group = "mail";
         source = "${pkgs.cdesktopenv}/bin/dtmail";
       };
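Review bot: dtmail is the only wrapper in this commit that leaves `setuid` implicit; the others state `setuid = false;` next to `setgid = true;`. Adding `setuid = false;` here would make it explicit that the now root-owned file is not meant to run with root's uid, rather than relying on the option's default (presumably false; confirm against the wrappers module).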