nixos: condition shadow setuid-wrappers on mutableUsers

pyrox.dev / nixpkgs

fork atom

lol

fork atom

Having junk setuid wrappers in PATH is annoying.

Joachim Fasting 11 years ago 75ab7bf9 2d8cfe76

+4 -2

1 changed file

expand all

nixos

modules

programs

shadow.nix

+4 -2

nixos/modules/programs/shadow.nix

··· 100 100 chgpasswd = { rootOK = true; }; 101 101 }; 102 102 103 - security.setuidPrograms = [ "passwd" "chfn" "su" "sg" "newgrp" 104 - "newuidmap" "newgidmap" # new in shadow 4.2.x 103 + security.setuidPrograms = [ "su" "chfn" ] 104 + ++ lib.optionals config.users.mutableUsers 105 + [ "passwd" "sg" "newgrp" 106 + "newuidmap" "newgidmap" # new in shadow 4.2.x 105 107 ]; 106 108 107 109 };