author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2016-09-06 17:23:27 +0200 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2016-09-06 17:23:27 +0200 |
commit | 98102ebd92ab52e198271dce02515023baa7d6d5 (patch) | |
tree | 664687e57f945db51d740d547c7deb9db111ec41 /nixos/modules/security/pam.nix | |
parent | 9ab141ce273940e65f5243022d34740e4aa005d0 (diff) | |
Enable the runuser command from util-linux
Fixes #14701.
Diffstat (limited to 'nixos/modules/security/pam.nix')
-rw-r--r-- | nixos/modules/security/pam.nix | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index 77815cd6dcc..814dd21b53d 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -105,6 +105,16 @@ let ''; }; + setEnvironment = mkOption { + type = types.bool; + default = true; + description = '' + Whether the service should set the environment variables + listed in <option>environment.sessionVariables</option> + using <literal>pam_env.so</literal>. + ''; + }; + setLoginUid = mkOption { type = types.bool; description = '' @@ -284,7 +294,9 @@ let "password optional ${pkgs.samba}/lib/security/pam_smbpass.so nullok use_authtok try_first_pass"} # Session management. - session required pam_env.so envfile=${config.system.build.pamEnvironment} + ${optionalString cfg.setEnvironment '' + session required pam_env.so envfile=${config.system.build.pamEnvironment} + ''} session required pam_unix.so ${optionalString cfg.setLoginUid "session ${ @@ -477,6 +489,13 @@ in vlock = {}; xlock = {}; xscreensaver = {}; + + runuser = { rootOK = true; unixAuth = false; setEnvironment = false; }; + + /* FIXME: should runuser -l start a systemd session? Currently + it complains "Cannot create session: Already running in a + session". */ + runuser-l = { rootOK = true; unixAuth = false; }; }; }; |
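Review bot: In the session section, the new `optionalString cfg.setEnvironment` wrapper uses a multi-line `''…''` string, while the `cfg.setLoginUid` line directly below it passes a double-quoted string. For a single PAM rule the same form would be more consistent, and it likely avoids an extra blank line in the generated service file: `${optionalString cfg.setEnvironment "session required pam_env.so envfile=${config.system.build.pamEnvironment}"}`. The surrounding PAM text template starts and ends outside this hunk.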
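Review bot: The new `runuser` and `runuser-l` entries set `rootOK = true; unixAuth = false;` without recording why, and that combination is only safe if the generated auth stack fails closed for any caller that is not root. A short comment above them would capture the intent, e.g. `/* runuser is only meant to be invoked by root: pam_rootok is the sole way to pass auth, so no password module is configured. */`. The auth section of the template is outside this hunk, so please confirm that with `unixAuth = false` nothing other than `pam_rootok.so` can satisfy the stack; that means a terminal deny rule and no globally enabled auth module inherited through a per-service default. It would also help to say why only `runuser` sets `setEnvironment = false` while `runuser-l` keeps `pam_env.so`, presumably because `-l` is meant to build a fresh login-style environment.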