diff options
| author | Guillaume Girol <symphorien@users.noreply.github.com> | 2021-09-18 15:28:49 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-09-18 15:28:49 +0000 |
| commit | ceb2e6667b064ce5130f751d7b6625a81e191dec (patch) | |
| tree | 25580706229710dd815d1d228474488331eb6b6e /nixos/modules/services/scheduling | |
| parent | a92dd171bae2db6eeff74a3d31fa99e47e793359 (diff) | |
| parent | 27b0c53d237b6c0411dc5798376b0ba6fbad0df0 (diff) | |
| download | nixpkgs-ceb2e6667b064ce5130f751d7b6625a81e191dec.tar nixpkgs-ceb2e6667b064ce5130f751d7b6625a81e191dec.tar.gz nixpkgs-ceb2e6667b064ce5130f751d7b6625a81e191dec.tar.bz2 nixpkgs-ceb2e6667b064ce5130f751d7b6625a81e191dec.tar.lz nixpkgs-ceb2e6667b064ce5130f751d7b6625a81e191dec.tar.xz nixpkgs-ceb2e6667b064ce5130f751d7b6625a81e191dec.tar.zst nixpkgs-ceb2e6667b064ce5130f751d7b6625a81e191dec.zip | |
Merge pull request #126289 from rnhmjoj/wrappers
nixos/security/wrappers: make well-typed
Diffstat (limited to 'nixos/modules/services/scheduling')
| -rw-r--r-- | nixos/modules/services/scheduling/cron.nix | 7 | ||||
| -rw-r--r-- | nixos/modules/services/scheduling/fcron.nix | 3 |
2 files changed, 9 insertions, 1 deletions
diff --git a/nixos/modules/services/scheduling/cron.nix b/nixos/modules/services/scheduling/cron.nix index 3bc31832946..c28956b3bfe 100644 --- a/nixos/modules/services/scheduling/cron.nix +++ b/nixos/modules/services/scheduling/cron.nix @@ -93,7 +93,12 @@ in { services.cron.enable = mkDefault (allFiles != []); } (mkIf (config.services.cron.enable) { - security.wrappers.crontab.source = "${cronNixosPkg}/bin/crontab"; + security.wrappers.crontab = + { setuid = true; + owner = "root"; + group = "root"; + source = "${cronNixosPkg}/bin/crontab"; + }; environment.systemPackages = [ cronNixosPkg ]; environment.etc.crontab = { source = pkgs.runCommand "crontabs" { inherit allFiles; preferLocalBuild = true; } diff --git a/nixos/modules/services/scheduling/fcron.nix b/nixos/modules/services/scheduling/fcron.nix index 42bed21bf25..acaa995f739 100644 --- a/nixos/modules/services/scheduling/fcron.nix +++ b/nixos/modules/services/scheduling/fcron.nix @@ -136,10 +136,13 @@ in owner = "fcron"; group = "fcron"; setgid = true; + setuid = false; }; fcronsighup = { source = "${pkgs.fcron}/bin/fcronsighup"; + owner = "root"; group = "fcron"; + setuid = true; }; }; systemd.services.fcron = { |