public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Extra sudo configuration file from:

Browse Source 
- system/options.nix
- system/system.nix
- etc/default.nix

svn path=/nixos/branches/fix-style/; revision=13681
This commit is contained in:
Nicolas Pierron 2009-01-02 16:07:15 +00:00
parent 79bfab0e07
commit 44f1d9f0bf
4 changed files with 90 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
etc/default.nix
View File

@ -192,19 +192,6 @@ let
target = "ldap.conf"; target = "ldap.conf";
} }
# "sudo" configuration.
++ optional config.security.sudo.enable {
source = pkgs.runCommand "sudoers"
{ src = pkgs.writeText "sudoers-in" (config.security.sudo.configFile);
}
# Make sure that the sudoers file is syntactically valid.
# (currently disabled - NIXOS-66)
#"${pkgs.sudo}/sbin/visudo -f $src -c && cp $src $out";
"cp $src $out";
target = "sudoers";
mode = "0440";
}
# A bunch of PAM configuration files for various programs. # A bunch of PAM configuration files for various programs.
++ (map ++ (map
(program: (program:
@ -227,7 +214,6 @@ let
"login" "login"
"slim" "slim"
"su" "su"
"sudo"
"other" "other"
"passwd" "passwd"
"shadow" "shadow"

34
system/options.nix
View File

@ -2608,37 +2608,6 @@ in
}; };
}; };
sudo = {
enable = mkOption {
default = true;
description = "
Whether to enable the <command>sudo</command> command, which
allows non-root users to execute commands as root.
";
};
configFile = mkOption {
default = "
# WARNING: do not edit this file directly or with \"visudo\". Instead,
# edit the source file in /etc/nixos/nixos/etc/sudoers.
# \"root\" is allowed to do anything.
root ALL=(ALL) SETENV: ALL
# Users in the \"wheel\" group can do anything.
%wheel ALL=(ALL) SETENV: ALL
";
description = "
This string contains the contents of the
<filename>sudoers</filename> file. If syntax errors are
detected in this file, the NixOS configuration will fail to
build.
";
};
};
}; };
@ -2853,6 +2822,9 @@ root ALL=(ALL) SETENV: ALL
(import ../system/activate-configuration.nix) (import ../system/activate-configuration.nix)
(import ../upstart-jobs/default.nix) (import ../upstart-jobs/default.nix)
# security
(import ../system/sudo.nix)
# environment # environment
(import ../etc/default.nix) (import ../etc/default.nix)

87
system/sudo.nix Normal file
View File

@ -0,0 +1,87 @@
{pkgs, config, ...}:
###### interface
let
inherit (pkgs.lib) mkOption;
options = {
security = {
sudo = {
enable = mkOption {
default = true;
description = "
Whether to enable the <command>sudo</command> command, which
allows non-root users to execute commands as root.
";
};
configFile = mkOption {
default = "
# WARNING: do not edit this file directly or with \"visudo\". Instead,
# edit the source file in /etc/nixos/nixos/etc/sudoers.
# \"root\" is allowed to do anything.
root ALL=(ALL) SETENV: ALL
# Users in the \"wheel\" group can do anything.
%wheel ALL=(ALL) SETENV: ALL
";
description = "
This string contains the contents of the
<filename>sudoers</filename> file.
";
# If syntax errors are detected in this file, the NixOS
# configuration will fail to build.
};
};
};
};
in
###### implementation
let
cfg = config.security.sudo;
inherit (pkgs.lib) mkIf;
inherit (pkgs) sudo;
in
mkIf cfg.enable {
require = [
options
# config.environment.etc
(import ../etc/default.nix)
# (import ?) # config.environment.extraPackages
# (import ?) # config.security.extraSetuidPrograms
];
security = {
extraSetuidPrograms = [
"sudo"
];
};
environment = {
extraPackages = [ sudo ];
etc = [
{
source = ../etc/pam.d/sudo;
target = "pam.d/sudo";
}
{
source = pkgs.runCommand "sudoers"
{ src = pkgs.writeText "sudoers-in" cfg.configFile; }
# Make sure that the sudoers file is syntactically valid.
# (currently disabled - NIXOS-66)
#"${pkgs.sudo}/sbin/visudo -f $src -c && cp $src $out";
"cp $src $out";
target = "sudoers";
mode = "0440";
}
];
};
}

2
system/system.nix
View File

@ -158,7 +158,6 @@ rec {
pkgs.utillinux pkgs.utillinux
pkgs.wirelesstools pkgs.wirelesstools
] ]
++ pkgs.lib.optional config.security.sudo.enable pkgs.sudo
++ pkgs.lib.optional config.services.bitlbee.enable pkgs.bitlbee ++ pkgs.lib.optional config.services.bitlbee.enable pkgs.bitlbee
++ pkgs.lib.optional config.networking.defaultMailServer.directDelivery pkgs.ssmtp ++ pkgs.lib.optional config.networking.defaultMailServer.directDelivery pkgs.ssmtp
++ config.environment.extraPackages ++ config.environment.extraPackages
@ -199,7 +198,6 @@ rec {
setuidPrograms = setuidPrograms =
config.security.setuidPrograms ++ config.security.setuidPrograms ++
config.security.extraSetuidPrograms ++ config.security.extraSetuidPrograms ++
pkgs.lib.optional config.security.sudo.enable "sudo" ++
pkgs.lib.optional (config.services.xserver.sessionType == "kde") "kcheckpass" ++ pkgs.lib.optional (config.services.xserver.sessionType == "kde") "kcheckpass" ++
map ( x : x.program ) config.security.setuidOwners; map ( x : x.program ) config.security.setuidOwners;