Merge pull request #7345 from joachifm/conditional-shadow-setuids

nixos: condition shadow setuid-wrappers on mutableUsers
2015-04-14 13:23:19 +02:00 · 2015-04-14 13:23:19 +02:00 · 6edc3022ef
commit 6edc3022ef
parent 4beadc79dc 75ab7bf960
1 changed files with 4 additions and 2 deletions
--- a/nixos/modules/programs/shadow.nix
+++ b/nixos/modules/programs/shadow.nix
@ -100,8 +100,10 @@ in
        chgpasswd = { rootOK = true; };
      };

-    security.setuidPrograms = [ "passwd" "chfn" "su" "sg" "newgrp"
-      "newuidmap" "newgidmap"  # new in shadow 4.2.x
+    security.setuidPrograms = [ "su" "chfn" ]
+      ++ lib.optionals config.users.mutableUsers
+      [ "passwd" "sg" "newgrp"
+        "newuidmap" "newgidmap" # new in shadow 4.2.x
      ];

  };