Commit graph

10 commits

Author SHA1 Message Date
Yury G. Kudryashov
f0eb823a34 Add unix_chkpwd suid wrapper
svn path=/nixos/trunk/; revision=23165
2010-08-13 14:07:34 +00:00
Eelco Dolstra
c089738bdc * Use the shadow' package instead of pwdutils', `pam_login' and
`su'.
* The `usermod' from `shadow' allows setting a supplementary group
  equal to the user's primary group, so the special hack for the
  `nixbld' group is no longer needed.
* Removed /etc/default/passwd since it's not used by the new passwd.
  The hash is configured in pam_unix.
* Move some values for `security.setuidPrograms' and
  `security.pam.services' to the appropriate modules.

svn path=/nixos/trunk/; revision=22107
2010-06-02 21:10:48 +00:00
Eelco Dolstra
540c673364 * Enable the `chfn' program. Note that by default non-root users are
still not permitted to change their account information, as
  specified in login.defs.

svn path=/nixos/trunk/; revision=22049
2010-05-28 14:59:34 +00:00
Yury G. Kudryashov
7ae39feedb Get rid of extraSetuidPrograms.
Also state in description that it is obsolete.

svn path=/nixos/trunk/; revision=21777
2010-05-14 21:01:06 +00:00
Eelco Dolstra
26439de75b * security.setuidPrograms: don't set the default in the "default"
mkOption argument, because then we lose them if somebody sets
  security.setuidPrograms somewhere else.  (Shouldn't "default" be
  merged as well?)

svn path=/nixos/trunk/; revision=16734
2009-08-16 21:11:04 +00:00
Eelco Dolstra
dba1964122 * setuid-wrappers: support setting the mode. For instance, some
programs require that the mode is 4550 so that execution of the
  setuid program can be restricted to members of a group.
* setuid-wrappers: remove a race condition in the creation of the
  wrappers if the ownership or mode was different than root:root and
  4555.
* setuid-wrappers: allow the full path of the wrapped program to be
  specified, rather than looking it up in $PATH.

svn path=/nixos/trunk/; revision=16733
2009-08-16 17:24:59 +00:00
Eelco Dolstra
2884c9a836 * Style change.
svn path=/nixos/trunk/; revision=16730
2009-08-16 14:54:31 +00:00
Nicolas Pierron
47f70fda2f Fix fullDepEntry location in setuid-wrappers.nix.
svn path=/nixos/branches/modular-nixos/; revision=15733
2009-05-26 14:10:20 +00:00
Eelco Dolstra
c96f0d75f0 * Move the setuid wrappers activation scriptlet to
modules/security/setuid-wrappers.nix.
* Removed the "path" activation scriptlet.  The partial ordering was
  underspecified (there was nothing ensuring that it came near the end
  of the activation script), and it wasn't needed in any case.

svn path=/nixos/branches/modular-nixos/; revision=15726
2009-05-25 15:36:57 +00:00
Eelco Dolstra
a65aae0140 * Moved more modules.
svn path=/nixos/branches/modular-nixos/; revision=15722
2009-05-25 13:42:46 +00:00
Renamed from system/nixos-security.nix (Browse further)