Merge pull request #33866 from yesbox/fix_newgrp

nixos: sg/newgrp should always be available, not chfn
author: Frederik Rietdijk <freddyrietdijk@fridh.nl> 2018-02-05 10:47:23 +0000
committer: GitHub <noreply@github.com> 2018-02-05 10:47:23 +0000
commit: ba34a70086aebe70302faf79af2ed53925f172af (patch)
tree: 2e511c941e5bc06045481617e3ff2e9e8cabb9f3 /nixos
parent: 030badc427ff48d3b29ea43109b0612e489d4eff (diff)
parent: 8c0558dbb2469b7799515abd108d2fa4adbc4636 (diff)
download: nixpkgs-ba34a70086aebe70302faf79af2ed53925f172af.tar
nixpkgs-ba34a70086aebe70302faf79af2ed53925f172af.tar.gz
nixpkgs-ba34a70086aebe70302faf79af2ed53925f172af.tar.bz2
nixpkgs-ba34a70086aebe70302faf79af2ed53925f172af.tar.lz
nixpkgs-ba34a70086aebe70302faf79af2ed53925f172af.tar.xz
nixpkgs-ba34a70086aebe70302faf79af2ed53925f172af.tar.zst
nixpkgs-ba34a70086aebe70302faf79af2ed53925f172af.zip
1 files changed, 5 insertions, 5 deletions
diff --git a/nixos/modules/programs/shadow.nix b/nixos/modules/programs/shadow.nix
index 0f3f42901ba..8ec4169207d 100644
--- a/nixos/modules/programs/shadow.nix
+++ b/nixos/modules/programs/shadow.nix
@@ -26,8 +26,9 @@ let
       # Ensure privacy for newly created home directories.
       UMASK        077
 
-      # Uncomment this to allow non-root users to change their account
-      #information.  This should be made configurable.
+      # Uncomment this and install chfn SUID to allow non-root
+      # users to change their account GECOS information.
+      # This should be made configurable.
       #CHFN_RESTRICT frwh
 
     '';
@@ -103,13 +104,12 @@ in
 
     security.wrappers = {
       su.source        = "${pkgs.shadow.su}/bin/su";
-      chfn.source      = "${pkgs.shadow.out}/bin/chfn";
+      sg.source        = "${pkgs.shadow.out}/bin/sg";
+      newgrp.source    = "${pkgs.shadow.out}/bin/newgrp";
       newuidmap.source = "${pkgs.shadow.out}/bin/newuidmap";
       newgidmap.source = "${pkgs.shadow.out}/bin/newgidmap";
     } // (if config.users.mutableUsers then {
       passwd.source    = "${pkgs.shadow.out}/bin/passwd";
-      sg.source        = "${pkgs.shadow.out}/bin/sg";
-      newgrp.source    = "${pkgs.shadow.out}/bin/newgrp";
     } else {});
   };
 }
author	Frederik Rietdijk <freddyrietdijk@fridh.nl>	2018-02-05 10:47:23 +0000
committer	GitHub <noreply@github.com>	2018-02-05 10:47:23 +0000
commit	ba34a70086aebe70302faf79af2ed53925f172af (patch)
tree	2e511c941e5bc06045481617e3ff2e9e8cabb9f3 /nixos
parent	030badc427ff48d3b29ea43109b0612e489d4eff (diff)
parent	8c0558dbb2469b7799515abd108d2fa4adbc4636 (diff)
download	nixpkgs-ba34a70086aebe70302faf79af2ed53925f172af.tar nixpkgs-ba34a70086aebe70302faf79af2ed53925f172af.tar.gz nixpkgs-ba34a70086aebe70302faf79af2ed53925f172af.tar.bz2 nixpkgs-ba34a70086aebe70302faf79af2ed53925f172af.tar.lz nixpkgs-ba34a70086aebe70302faf79af2ed53925f172af.tar.xz nixpkgs-ba34a70086aebe70302faf79af2ed53925f172af.tar.zst nixpkgs-ba34a70086aebe70302faf79af2ed53925f172af.zip