nixos/sudo: Only keep SSH_AUTH_SOCK if used for authentication
This will make compatibility with `sudo-rs` easier.
This commit is contained in:
parent
454151375d
commit
8742134c80
1 changed files with 6 additions and 2 deletions
|
@ -6,6 +6,10 @@ let
|
|||
|
||||
cfg = config.security.sudo;
|
||||
|
||||
enableSSHAgentAuth =
|
||||
with config.security;
|
||||
pam.enableSSHAgentAuth && pam.sudo.sshAgentAuth;
|
||||
|
||||
inherit (pkgs) sudo;
|
||||
|
||||
toUserString = user: if (isInt user) then "#${toString user}" else "${user}";
|
||||
|
@ -210,10 +214,10 @@ in
|
|||
# Don't edit this file. Set the NixOS options ‘security.sudo.configFile’
|
||||
# or ‘security.sudo.extraRules’ instead.
|
||||
''
|
||||
''
|
||||
(optionalString enableSSHAgentAuth ''
|
||||
# Keep SSH_AUTH_SOCK so that pam_ssh_agent_auth.so can do its magic.
|
||||
Defaults env_keep+=SSH_AUTH_SOCK
|
||||
''
|
||||
'')
|
||||
''
|
||||
# "root" is allowed to do anything.
|
||||
root ALL=(ALL:ALL) SETENV: ALL
|
||||
|
|
Loading…
Reference in a new issue