diff options
| author | Michele Guerini Rocco <rnhmjoj@users.noreply.github.com> | 2021-10-06 08:36:35 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-10-06 08:36:35 +0200 |
| commit | e99b3f242c32688cc0b101e53838eff586ce5714 (patch) | |
| tree | 4dabaaa791cc1bc8a77950db20e7763558b7003b /nixos/modules/services/mail/postfix.nix | |
| parent | 01bd5f8e0dc866e28808bd6acc6e1fe65e08cf34 (diff) | |
| parent | 31790c81dcffee8c267cbc01f16938497ed172af (diff) | |
| download | nixpkgs-e99b3f242c32688cc0b101e53838eff586ce5714.tar nixpkgs-e99b3f242c32688cc0b101e53838eff586ce5714.tar.gz nixpkgs-e99b3f242c32688cc0b101e53838eff586ce5714.tar.bz2 nixpkgs-e99b3f242c32688cc0b101e53838eff586ce5714.tar.lz nixpkgs-e99b3f242c32688cc0b101e53838eff586ce5714.tar.xz nixpkgs-e99b3f242c32688cc0b101e53838eff586ce5714.tar.zst nixpkgs-e99b3f242c32688cc0b101e53838eff586ce5714.zip | |
Merge pull request #140359 from rnhmjoj/setgid-nobody
nixos: make setgid wrappers root-owned
Diffstat (limited to 'nixos/modules/services/mail/postfix.nix')
| -rw-r--r-- | nixos/modules/services/mail/postfix.nix | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix index 1fc303ffc8b..6fc09682e0c 100644 --- a/nixos/modules/services/mail/postfix.nix +++ b/nixos/modules/services/mail/postfix.nix @@ -674,7 +674,7 @@ in services.mail.sendmailSetuidWrapper = mkIf config.services.postfix.setSendmail { program = "sendmail"; source = "${pkgs.postfix}/bin/sendmail"; - owner = "nobody"; + owner = "root"; group = setgidGroup; setuid = false; setgid = true; @@ -683,7 +683,7 @@ in security.wrappers.mailq = { program = "mailq"; source = "${pkgs.postfix}/bin/mailq"; - owner = "nobody"; + owner = "root"; group = setgidGroup; setuid = false; setgid = true; @@ -692,7 +692,7 @@ in security.wrappers.postqueue = { program = "postqueue"; source = "${pkgs.postfix}/bin/postqueue"; - owner = "nobody"; + owner = "root"; group = setgidGroup; setuid = false; setgid = true; @@ -701,7 +701,7 @@ in security.wrappers.postdrop = { program = "postdrop"; source = "${pkgs.postfix}/bin/postdrop"; - owner = "nobody"; + owner = "root"; group = setgidGroup; setuid = false; setgid = true; |