diff options
author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2010-05-28 14:59:34 +0000 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2010-05-28 14:59:34 +0000 |
commit | 540c673364ecef13bd0b810d8d7b0dde901bbf78 (patch) | |
tree | c36dc61ed2edbfaa6ac9d67dd4fa47f31b0b91ad /modules | |
parent | 39ea835dbc8b3af356e51cd674c66b4de5f0fffa (diff) | |
download | nixpkgs-540c673364ecef13bd0b810d8d7b0dde901bbf78.tar nixpkgs-540c673364ecef13bd0b810d8d7b0dde901bbf78.tar.gz nixpkgs-540c673364ecef13bd0b810d8d7b0dde901bbf78.tar.bz2 nixpkgs-540c673364ecef13bd0b810d8d7b0dde901bbf78.tar.lz nixpkgs-540c673364ecef13bd0b810d8d7b0dde901bbf78.tar.xz nixpkgs-540c673364ecef13bd0b810d8d7b0dde901bbf78.tar.zst nixpkgs-540c673364ecef13bd0b810d8d7b0dde901bbf78.zip |
* Enable the `chfn' program. Note that by default non-root users are
still not permitted to change their account information, as specified in login.defs. svn path=/nixos/trunk/; revision=22049
Diffstat (limited to 'modules')
-rw-r--r-- | modules/programs/pwdutils/login.defs | 4 | ||||
-rw-r--r-- | modules/security/pam.nix | 1 | ||||
-rw-r--r-- | modules/security/setuid-wrappers.nix | 2 |
3 files changed, 6 insertions, 1 deletions
diff --git a/modules/programs/pwdutils/login.defs b/modules/programs/pwdutils/login.defs index a310ca5af5a..98610a88ca8 100644 --- a/modules/programs/pwdutils/login.defs +++ b/modules/programs/pwdutils/login.defs @@ -12,3 +12,7 @@ GID_MAX 29999 TTYGROUP tty TTYPERM 0620 + +# Uncomment this to allow non-root users to change their account +#information. This should be made configurable. +#CHFN_RESTRICT frwh diff --git a/modules/security/pam.nix b/modules/security/pam.nix index fd1aae65ac9..0ee7595a5e1 100644 --- a/modules/security/pam.nix +++ b/modules/security/pam.nix @@ -204,6 +204,7 @@ in { name = "sshd"; } { name = "xlock"; } { name = "chsh"; rootOK = true; } + { name = "chfn"; rootOK = true; } { name = "su"; rootOK = true; forwardXAuth = true; } # Note: useradd, groupadd etc. aren't setuid root, so it # doesn't really matter what the PAM config says as long as it diff --git a/modules/security/setuid-wrappers.nix b/modules/security/setuid-wrappers.nix index 510c99b2f58..aa85ee20dc9 100644 --- a/modules/security/setuid-wrappers.nix +++ b/modules/security/setuid-wrappers.nix @@ -74,7 +74,7 @@ in config = { security.setuidPrograms = - [ "passwd" "su" "crontab" "ping" "ping6" + [ "passwd" "chfn" "su" "crontab" "ping" "ping6" "fusermount" "wodim" "cdrdao" "growisofs" ]; |