From 75ab7bf96035c23293fd1db373ea5f512a0ec6fa Mon Sep 17 00:00:00 2001 From: Joachim Fasting Date: Sun, 12 Apr 2015 21:42:50 +0200 Subject: [PATCH] nixos: condition shadow setuid-wrappers on mutableUsers Having junk setuid wrappers in PATH is annoying. --- nixos/modules/programs/shadow.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/nixos/modules/programs/shadow.nix b/nixos/modules/programs/shadow.nix index 895ecb122cb6..566398d839fd 100644 --- a/nixos/modules/programs/shadow.nix +++ b/nixos/modules/programs/shadow.nix @@ -100,8 +100,10 @@ in chgpasswd = { rootOK = true; }; }; - security.setuidPrograms = [ "passwd" "chfn" "su" "sg" "newgrp" - "newuidmap" "newgidmap" # new in shadow 4.2.x + security.setuidPrograms = [ "su" "chfn" ] + ++ lib.optionals config.users.mutableUsers + [ "passwd" "sg" "newgrp" + "newuidmap" "newgidmap" # new in shadow 4.2.x ]; };