diff options
author | Luca Bruno <lethalman88@gmail.com> | 2014-05-16 22:37:44 +0200 |
---|---|---|
committer | Luca Bruno <lethalman88@gmail.com> | 2015-01-14 18:32:08 +0100 |
commit | 804a958663786be9067c2924c75f6406612fbc1b (patch) | |
tree | 7bca3287d7ce5755cac48911f1b82500dd05361d /nixos | |
parent | 0ab270770bceb681836767d8b09216afb0423b30 (diff) | |
download | nixpkgs-804a958663786be9067c2924c75f6406612fbc1b.tar nixpkgs-804a958663786be9067c2924c75f6406612fbc1b.tar.gz nixpkgs-804a958663786be9067c2924c75f6406612fbc1b.tar.bz2 nixpkgs-804a958663786be9067c2924c75f6406612fbc1b.tar.lz nixpkgs-804a958663786be9067c2924c75f6406612fbc1b.tar.xz nixpkgs-804a958663786be9067c2924c75f6406612fbc1b.tar.zst nixpkgs-804a958663786be9067c2924c75f6406612fbc1b.zip |
pam: add pam_wheel
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/security/pam.nix | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index 3b5dd41868b..65761865859 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -122,6 +122,14 @@ let ''; }; + requireWheel = mkOption { + default = false; + type = types.bool; + description = '' + Whether to permit root access only to members of group wheel. + ''; + }; + limits = mkOption { description = '' Attribute set describing resource limits. Defaults to the @@ -184,6 +192,8 @@ let # Authentication management. ${optionalString cfg.rootOK "auth sufficient pam_rootok.so"} + ${optionalString cfg.requireWheel + "auth required pam_wheel.so use_uid"} ${optionalString cfg.logFailures "auth required pam_tally.so"} ${optionalString (config.security.pam.enableSSHAgentAuth && cfg.sshAgentAuth) |