author | Nico Berlee <nico.berlee@on2it.net> | 2021-08-07 12:57:50 +0200 |
---|---|---|
committer | Artturin <Artturin@artturin.com> | 2021-11-06 17:45:00 +0200 |
commit | 90bac670c0ef7b474841c2f929a2e0d63059e8a0 (patch) | |
tree | 9aedfa07c7668a8cd8a66a787d8216756a41968c /nixos/modules | |
parent | e62c9ce9328dfea2ca48d84ec40680f18a53d100 (diff) | |
nixos/pam: pam_mkhomedir umask to 0077
pam_mkhomedir should create homedirs with the same umask as the rest of the system. Currently it creates homedirs with go+rx which makes it readable for other non-privileged users.
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/security/pam.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index d6a6f7ce082..7c8db9db003 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -483,7 +483,7 @@ let if config.boot.isContainer then "optional" else "required" } pam_loginuid.so"} ${optionalString cfg.makeHomeDir - "session required ${pkgs.pam}/lib/security/pam_mkhomedir.so silent skel=${config.security.pam.makeHomeDir.skelDirectory} umask=0022"} + "session required ${pkgs.pam}/lib/security/pam_mkhomedir.so silent skel=${config.security.pam.makeHomeDir.skelDirectory} umask=0077"} ${optionalString cfg.updateWtmp "session required ${pkgs.pam}/lib/security/pam_lastlog.so silent"} ${optionalString config.security.pam.enableEcryptfs |
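
Review bot: the new `umask=0077` on the `pam_mkhomedir.so` session line is a hard-coded literal, while the commit message says home directories should follow "the same umask as the rest of the system". Nothing in this hunk derives the value from a system setting, so the two can drift apart again. Consider exposing it as a module option next to `config.security.pam.makeHomeDir.skelDirectory` (for example a hypothetical `makeHomeDir.umask` defaulting to "0077") and interpolating that here, so sites that rely on group- or world-readable home directories can override it without patching the module. Because this changes default behaviour for every configuration with `cfg.makeHomeDir` enabled, it also deserves a release-notes entry. That entry should state that the umask only applies to home directories pam_mkhomedir creates from now on, so directories already created with `umask=0022` keep their go+rx bits until an administrator tightens them by hand.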