From 64f5d681d95ba708afef378f86c5112798cc9039 Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Sun, 19 Sep 2021 11:53:36 +0200 Subject: [PATCH] nixos/physlock: fix broken wrapper - `user` doesn't exist -> `owner` - set `setuid,group` as well (no longer optional) --- nixos/modules/services/security/physlock.nix | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/nixos/modules/services/security/physlock.nix b/nixos/modules/services/security/physlock.nix index da5c22a90a09..760e80f147f7 100644 --- a/nixos/modules/services/security/physlock.nix +++ b/nixos/modules/services/security/physlock.nix @@ -38,9 +38,6 @@ in setuid wrapper to allow any user to start physlock as root, which is a minor security risk. Call the physlock binary to use this instead of using the systemd service. - - Note that you might need to relog to have the correct binary in your - PATH upon changing this option. ''; }; @@ -129,7 +126,12 @@ in (mkIf cfg.allowAnyUser { - security.wrappers.physlock = { source = "${pkgs.physlock}/bin/physlock"; user = "root"; }; + security.wrappers.physlock = + { setuid = true; + owner = "root"; + group = "root"; + source = "${pkgs.physlock}/bin/physlock"; + }; }) ]);