summary refs log tree commit diff
path: root/nixos
diff options
context:
space:
mode:
authorPeter Simons <simons@cryp.to>2015-04-14 13:23:19 +0200
committerPeter Simons <simons@cryp.to>2015-04-14 13:23:19 +0200
commit6edc3022ef1f22f4a0d69bf1e6fd17d52740b699 (patch)
tree3f2318edd09eebdfa32fa51b088a5a193af8c83c /nixos
parent4beadc79dce6caeaf3dbcdc815ff4d021622a855 (diff)
parent75ab7bf96035c23293fd1db373ea5f512a0ec6fa (diff)
downloadnixpkgs-6edc3022ef1f22f4a0d69bf1e6fd17d52740b699.tar
nixpkgs-6edc3022ef1f22f4a0d69bf1e6fd17d52740b699.tar.gz
nixpkgs-6edc3022ef1f22f4a0d69bf1e6fd17d52740b699.tar.bz2
nixpkgs-6edc3022ef1f22f4a0d69bf1e6fd17d52740b699.tar.lz
nixpkgs-6edc3022ef1f22f4a0d69bf1e6fd17d52740b699.tar.xz
nixpkgs-6edc3022ef1f22f4a0d69bf1e6fd17d52740b699.tar.zst
nixpkgs-6edc3022ef1f22f4a0d69bf1e6fd17d52740b699.zip
Merge pull request #7345 from joachifm/conditional-shadow-setuids
nixos: condition shadow setuid-wrappers on mutableUsers
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/programs/shadow.nix6
1 files changed, 4 insertions, 2 deletions
diff --git a/nixos/modules/programs/shadow.nix b/nixos/modules/programs/shadow.nix
index 895ecb122cb..566398d839f 100644
--- a/nixos/modules/programs/shadow.nix
+++ b/nixos/modules/programs/shadow.nix
@@ -100,8 +100,10 @@ in
         chgpasswd = { rootOK = true; };
       };
 
-    security.setuidPrograms = [ "passwd" "chfn" "su" "sg" "newgrp"
-      "newuidmap" "newgidmap"  # new in shadow 4.2.x
+    security.setuidPrograms = [ "su" "chfn" ]
+      ++ lib.optionals config.users.mutableUsers
+      [ "passwd" "sg" "newgrp"
+        "newuidmap" "newgidmap" # new in shadow 4.2.x
       ];
 
   };
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-07 13:56:19 +0000