[Nix-commits] SVN commit: nix - r23165 - nixos/trunk/modules/security

Fri, 13 Aug 2010 07:07:46 -0700 

Author: urkud
Date: Fri Aug 13 14:07:34 2010
New Revision: 23165
URL: https://svn.nixos.org/websvn/nix/?rev=23165&sc=1

Log:
Add unix_chkpwd suid wrapper

Modified:
   nixos/trunk/modules/security/pam.nix
   nixos/trunk/modules/security/setuid-wrappers.nix

Modified: nixos/trunk/modules/security/pam.nix
==============================================================================
--- nixos/trunk/modules/security/pam.nix        Fri Aug 13 14:06:41 2010        
(r23164)
+++ nixos/trunk/modules/security/pam.nix        Fri Aug 13 14:07:34 2010        
(r23165)
@@ -191,7 +191,7 @@
   ###### implementation
 
   config = {
-  
+
     environment.systemPackages =
       # Include the PAM modules in the system path mostly for the manpages.
       [ pkgs.pam ]
@@ -205,6 +205,14 @@
           target = "pam.d/other";
         };
 
+    security.setuidOwners = [ {
+      program = "unix_chkpwd";
+      source = "${pkgs.pam}/sbin/unix_chkpwd.orig";
+      owner = "root";
+      setuid = true;
+    } ];
+
+
     security.pam.services =
       # Most of these should be moved to specific modules.
       [ { name = "cups"; }
@@ -217,5 +225,5 @@
       ];
 
   };
-  
+
 }

Modified: nixos/trunk/modules/security/setuid-wrappers.nix
==============================================================================
--- nixos/trunk/modules/security/setuid-wrappers.nix    Fri Aug 13 14:06:41 
2010        (r23164)
+++ nixos/trunk/modules/security/setuid-wrappers.nix    Fri Aug 13 14:07:34 
2010        (r23165)
@@ -62,7 +62,8 @@
       default = "/var/setuid-wrappers";
       description = ''
         This option defines the path to the setuid wrappers.  It
-        should generally not be overriden.
+        should generally not be overriden. Some packages in nixpkgs rely on
+        wrapperDir == /var/setuid-wrappers
       '';
     };
 
_______________________________________________
nix-commits mailing list
[email protected]
http://mail.cs.uu.nl/mailman/listinfo/nix-commits

Reply via email to