From a2c820c6786ef8275213838ad0bdd77b970a4168 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 15 Oct 2013 14:47:51 +0200 Subject: Turn security.pam.services into an attribute set That is, you can say security.pam.services.sshd = { options... }; instead of security.pam.services = [ { name = "sshd"; options... } ]; making it easier to override PAM settings from other modules. --- nixos/modules/programs/shadow.nix | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 'nixos/modules/programs/shadow.nix') diff --git a/nixos/modules/programs/shadow.nix b/nixos/modules/programs/shadow.nix index 695c0b6620f..36c915f755f 100644 --- a/nixos/modules/programs/shadow.nix +++ b/nixos/modules/programs/shadow.nix @@ -79,22 +79,22 @@ in ]; security.pam.services = - [ { name = "chsh"; rootOK = true; } - { name = "chfn"; rootOK = true; } - { name = "su"; rootOK = true; forwardXAuth = true; } - { name = "passwd"; } + { chsh = { rootOK = true; }; + chfn = { rootOK = true; }; + su = { rootOK = true; forwardXAuth = true; }; + passwd = {}; # Note: useradd, groupadd etc. aren't setuid root, so it # doesn't really matter what the PAM config says as long as it # lets root in. - { name = "useradd"; rootOK = true; } - { name = "usermod"; rootOK = true; } - { name = "userdel"; rootOK = true; } - { name = "groupadd"; rootOK = true; } - { name = "groupmod"; rootOK = true; } - { name = "groupmems"; rootOK = true; } - { name = "groupdel"; rootOK = true; } - { name = "login"; startSession = true; allowNullPassword = true; showMotd = true; updateWtmp = true; } - ]; + useradd = { rootOK = true; }; + usermod = { rootOK = true; }; + userdel = { rootOK = true; }; + groupadd = { rootOK = true; }; + groupmod = { rootOK = true; }; + groupmems = { rootOK = true; }; + groupdel = { rootOK = true; }; + login = { startSession = true; allowNullPassword = true; showMotd = true; updateWtmp = true; }; + }; security.setuidPrograms = [ "passwd" "chfn" "su" "newgrp" ]; -- cgit 1.4.1