diff options
| author | Jörg Thalheim <Mic92@users.noreply.github.com> | 2018-10-17 14:48:43 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-10-17 14:48:43 +0100 |
| commit | f6ded23889f652c6e46736eeb721104fbb92c888 (patch) | |
| tree | d2d89d5d0775bbf1931f7395100e2b2d0d7c1d4d /nixos | |
| parent | 2ed287720e0109f0de96472e0a038a0cc081c27b (diff) | |
| parent | 91ddc9d27f669e1dc09012cc7577377bf4e90e69 (diff) | |
| download | nixpkgs-f6ded23889f652c6e46736eeb721104fbb92c888.tar nixpkgs-f6ded23889f652c6e46736eeb721104fbb92c888.tar.gz nixpkgs-f6ded23889f652c6e46736eeb721104fbb92c888.tar.bz2 nixpkgs-f6ded23889f652c6e46736eeb721104fbb92c888.tar.lz nixpkgs-f6ded23889f652c6e46736eeb721104fbb92c888.tar.xz nixpkgs-f6ded23889f652c6e46736eeb721104fbb92c888.tar.zst nixpkgs-f6ded23889f652c6e46736eeb721104fbb92c888.zip | |
Merge pull request #48460 from Mic92/postfix-setuid
postfix: add setgid wrapper for postqueue/postdrop
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/modules/services/mail/postfix.nix | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix index 33249aa3e55..d43733484ff 100644 --- a/nixos/modules/services/mail/postfix.nix +++ b/nixos/modules/services/mail/postfix.nix @@ -602,7 +602,7 @@ in target = "postfix"; }; - # This makes comfortable for root to run 'postqueue' for example. + # This makes it comfortable to run 'postqueue/postdrop' for example. systemPackages = [ pkgs.postfix ]; }; @@ -616,6 +616,22 @@ in setgid = true; }; + security.wrappers.postqueue = { + program = "postqueue"; + source = "${pkgs.postfix}/bin/postqueue"; + group = setgidGroup; + setuid = false; + setgid = true; + }; + + security.wrappers.postdrop = { + program = "postdrop"; + source = "${pkgs.postfix}/bin/postdrop"; + group = setgidGroup; + setuid = false; + setgid = true; + }; + users.users = optional (user == "postfix") { name = "postfix"; description = "Postfix mail server user"; |