* Make the set of setuid programs configurable.

* Make crontab setuid.

svn path=/nixos/trunk/; revision=7636
Eelco Dolstra 2007-01-11 16:29:23 +00:00
parent 6b364875f9
commit 580f98f1ed
3 changed files with 12 additions and 1 deletions


@ -121,7 +121,7 @@ ln -sf /nix/var/nix/profiles /nix/var/nix/gcroots/
wrapperDir=@wrapperDir@
if test -d $wrapperDir; then rm -f $wrapperDir/*; fi
mkdir -p $wrapperDir
for i in passwd su; do
for i in @setuidPrograms@; do
program=$(type -tp $i)
cp $(type -tp setuid-wrapper) $wrapperDir/$i
echo -n $program > $wrapperDir/$i.real
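Review bot: Nothing in the loop checks that `type -tp $i` found a program, and now that the list comes from configuration a misspelled or uninstalled name leaves `$program` empty, so a copy of the setuid wrapper is still installed next to an empty `.real` file. I would skip such entries, e.g. `program=$(type -tp "$i")` followed by `if test -z "$program"; then echo "setuid program $i not found" >&2; continue; fi`, and quote `"$wrapperDir/$i"` and `"$program"` in the `cp` and `echo` lines. An entry containing `/` would be written below or outside `$wrapperDir`, so rejecting names with a slash is worth considering. The loop body continues past the end of the hunk, so how the wrapper treats an empty `.real` file is not visible here.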


@ -523,4 +523,14 @@
}
{
name = ["security" "setuidPrograms"];
default = ["passwd" "su" "crontab"];
description = "
Only the programs listed here will be made setuid root (through
a wrapper program).
";
}
]
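Review bot: The description does not say how entries are interpreted: the activation script resolves each one with `type -tp`, so they have to be bare command names found on that script's path rather than absolute paths. I would extend the text to something like `Names of programs, looked up in the system path at activation time, that will be made setuid root through a wrapper program; programs not listed here get no wrapper.` A short comment on why `crontab` joins the default list would also help, since every entry here widens the set of setuid-root binaries that has to be audited.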


@ -189,6 +189,7 @@ rec {
inherit (pkgs) kernel;
readOnlyRoot = config.get ["boot" "readOnlyRoot"];
hostName = config.get ["networking" "hostName"];
setuidPrograms = config.get ["security" "setuidPrograms"];
wrapperDir = setuidWrapper.wrapperDir;
path = [