diff options
author | Parnell Springmeyer <parnell@awakenetworks.com> | 2016-07-15 19:10:48 -0500 |
---|---|---|
committer | Parnell Springmeyer <parnell@awakenetworks.com> | 2016-09-01 19:17:43 -0500 |
commit | 390ab0b3eff809052d5b9d9b5335413b36898481 (patch) | |
tree | 15700959b5c568cff51e2e8abafed931bff7e6dd /nixos/modules/security/pam_usb.nix | |
parent | 81b33eb46645b1bd3ab5029c0ca2012a24902bb0 (diff) | |
download | nixpkgs-390ab0b3eff809052d5b9d9b5335413b36898481.tar nixpkgs-390ab0b3eff809052d5b9d9b5335413b36898481.tar.gz nixpkgs-390ab0b3eff809052d5b9d9b5335413b36898481.tar.bz2 nixpkgs-390ab0b3eff809052d5b9d9b5335413b36898481.tar.lz nixpkgs-390ab0b3eff809052d5b9d9b5335413b36898481.tar.xz nixpkgs-390ab0b3eff809052d5b9d9b5335413b36898481.tar.zst nixpkgs-390ab0b3eff809052d5b9d9b5335413b36898481.zip |
everything?: Updating every package that depended on the old setuidPrograms configuration.
Diffstat (limited to 'nixos/modules/security/pam_usb.nix')
-rw-r--r-- | nixos/modules/security/pam_usb.nix | 23 |
1 files changed, 19 insertions, 4 deletions
diff --git a/nixos/modules/security/pam_usb.nix b/nixos/modules/security/pam_usb.nix index 11708a1f016..699cf6306e1 100644 --- a/nixos/modules/security/pam_usb.nix +++ b/nixos/modules/security/pam_usb.nix @@ -32,10 +32,25 @@ in config = mkIf (cfg.enable || anyUsbAuth) { - # pmount need to have a set-uid bit to make pam_usb works in user - # environment. (like su, sudo) - - security.setuidPrograms = [ "pmount" "pumount" ]; + # Make sure pmount and pumount are setuid wrapped. + security.permissionsWrappers.setuid = + [ + { program = "pmount"; + source = "${pkgs.pmount.out}/bin/pmount"; + user = "root"; + group = "root"; + setuid = true; + } + + { program = "pumount"; + source = "${pkgs.pmount.out}/bin/pumount"; + user = "root"; + group = "root"; + setuid = true; + } + ]; + +setuidPrograms = [ "pmount" "pumount" ]; environment.systemPackages = [ pkgs.pmount ]; }; |