mirrors/nixpkgs
1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-18 19:51:17 +00:00
Code Issues Wiki Activity

nixos/sudo: Only keep SSH_AUTH_SOCK if used for authentication

Browse source 
This will make compatibility with `sudo-rs` easier.
This commit is contained in:
nicoo 2023-09-04 21:06:12 +00:00
parent 454151375d
commit 8742134c80
1 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
nixos/modules/security/sudo.nix
View file

@ -6,6 +6,10 @@ let
cfg = config.security.sudo;
enableSSHAgentAuth =
with config.security;
pam.enableSSHAgentAuth && pam.sudo.sshAgentAuth;
inherit (pkgs) sudo;
toUserString = user: if (isInt user) then "#${toString user}" else "${user}";
@ -210,10 +214,10 @@ in
# Don't edit this file. Set the NixOS options security.sudo.configFile
# or security.sudo.extraRules instead.
''
''
(optionalString enableSSHAgentAuth ''
# Keep SSH_AUTH_SOCK so that pam_ssh_agent_auth.so can do its magic.
Defaults env_keep+=SSH_AUTH_SOCK
''
'')
''
# "root" is allowed to do anything.
root ALL=(ALL:ALL) SETENV: ALL