everything?: Updating every package that depended on the old setuidPrograms configuration.

2016-07-15 19:10:48 -05:00
parent 81b33eb466
commit 390ab0b3ef
15 changed files with 170 additions and 28 deletions
--- a/nixos/modules/programs/shadow.nix
+++ b/nixos/modules/programs/shadow.nix
@@ -102,11 +102,48 @@ in
        chgpasswd = { rootOK = true; };
      };

-    security.setuidPrograms = [ "su" "chfn" ]
-      ++ [ "newuidmap" "newgidmap" ] # new in shadow 4.2.x
-      ++ lib.optionals config.users.mutableUsers
-      [ "passwd" "sg" "newgrp" ];
+    security.setuidPrograms = 
+    [
+      { program = "su";
+        source  = "${pkgs.shadow.su}/bin/su";
+        user    = "root";
+        group   = "root";
+        setuid  = true;        
+      }

+      { program = "chfn";
+        source  = "${pkgs.shadow.out}/bin/chfn";
+        user    = "root";
+        group   = "root";
+        setuid  = true;
+      }
+    ] ++
+    (lib.optionals config.users.mutableUsers
+     map (x: x // { user = "root";
+                    group   = "root";
+                    setuid  = true;
+                  })
+         [
+           { program = "passwd";
+             source  = "${pkgs.shadow.out}/bin/passwd";
+           }
+
+           { program = "sg";
+             source  = "${pkgs.shadow.out}/bin/sg";
+           }
+
+           { program = "newgrp";
+             source  = "${pkgs.shadow.out}/bin/newgrp";
+           }
+
+           { program = "newuidmap";
+             source  = "${pkgs.shadow.out}/bin/newuidmap";
+           }
+
+           { program = "newgidmap";
+             source  = "${pkgs.shadow.out}/bin/newgidmap";
+           }
+         ]
+    );
  };
-
 }