nixpkgs-suyu/modules/programs/shadow.nix
Eelco Dolstra 45d8c418b5 * Some hackery to get ConsoleKit to work with the SLIM and "auto"
display managers.  This was broken due to a change in ConsoleKit
  0.4.2:

    https://bugs.freedesktop.org/show_bug.cgi?id=28377

  Using ConsoleKit's pam-ck-connector helps in that it creates local
  sessions; however, they're not marked as active because the
  x11-display-device property is not set.  As a workaround, calling
  ck-launch-session seems to work.

  More details:

    https://bugs.gentoo.org/show_bug.cgi?id=336634
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598150
    https://bugzilla.redhat.com/show_bug.cgi?id=585952

svn path=/nixos/trunk/; revision=28400
2011-08-08 19:28:17 +00:00


# Settings for the pwdutils tool suite (passwd, useradd, and friends):
# /etc/login.defs, /etc/default/useradd, the PAM service entries for the
# tools, and the list of setuid programs.

{config, pkgs, ...}:

let

  inherit (pkgs.lib) mkOption;

  # PAM entry for a service whose only setting is rootOK = true.
  # NOTE(review): rootOK presumably lets root through without further
  # authentication -- confirm against the PAM module.
  rootOnly = name: { inherit name; rootOK = true; };

  # Text of /etc/login.defs.  It fixes the system and regular UID/GID
  # ranges and the tty group and mode (TTYGROUP tty, TTYPERM 0620).
  # CHFN_RESTRICT is left commented out; the embedded comment says that
  # uncommenting it would let non-root users change their account
  # information.  The text is written to the file verbatim, so any edit
  # here changes what the shadow tools read.
  loginDefs =
    ''
      DEFAULT_HOME yes
      SYS_UID_MIN 100
      SYS_UID_MAX 499
      UID_MIN 1000
      UID_MAX 29999
      SYS_GID_MIN 100
      SYS_GID_MAX 499
      GID_MIN 1000
      GID_MAX 29999
      TTYGROUP tty
      TTYPERM 0620
      # Uncomment this to allow non-root users to change their account
      #information. This should be made configurable.
      #CHFN_RESTRICT frwh
    '';

  # Text of /etc/default/useradd.  SHELL is taken from the
  # users.defaultUserShell option declared below.
  useraddDefaults =
    ''
      GROUP=100
      HOME=/home
      SHELL=${config.users.defaultUserShell}
    '';

in

{

  ###### interface

  options = {

    # The value is copied into /etc/default/useradd and from there ends up
    # in /etc/passwd, which is why it has to be a stable symlink path
    # rather than a Nix store path.
    users.defaultUserShell = mkOption {
      default = "/var/run/current-system/sw/bin/bash";
      description = ''
        This option defined the default shell assigned to user
        accounts. This must not be a store path, since the path is
        used outside the store (in particular in /etc/passwd).
        Rather, it should be the path of a symlink that points to the
        actual shell in the Nix store.
      '';
    };

  };


  ###### implementation

  config = {

    environment.systemPackages = [ pkgs.shadow ];

    # Of the tools configured here, only these three are listed as setuid
    # programs, so their PAM entries below are the ones that matter for
    # non-root callers.
    security.setuidPrograms = [ "passwd" "chfn" "su" ];

    environment.etc =
      [ # /etc/login.defs: global configuration for pwdutils.  Logging in
        # is impossible without it!
        { target = "login.defs";
          source = pkgs.writeText "login.defs" loginDefs;
        }

        # /etc/default/useradd: configuration for useradd.
        { target = "default/useradd";
          source = pkgs.writeText "useradd" useraddDefaults;
        }
      ];

    # The entries are concatenated in the same order as a flat list would
    # give: chsh, chfn, su, passwd, the user/group tools, login.
    security.pam.services =
      map rootOnly [ "chsh" "chfn" ]
      ++ [ # ownDevices is enabled for the
           # services/x11/display-managers/auto.nix module.
           { name = "su"; rootOK = true; ownDevices = true; forwardXAuth = true; }

           { name = "passwd"; }
         ]
      # useradd, groupadd etc. aren't setuid root, so what the PAM config
      # says for them doesn't really matter as long as it lets root in.
      ++ map rootOnly
           [ "useradd" "usermod" "userdel"
             "groupadd" "groupmod" "groupmems" "groupdel"
           ]
      ++ [ # NOTE(review): allowNullPassword presumably lets an account
           # with an empty password log in through this service --
           # confirm that this is intended for login.
           { name = "login"; ownDevices = true; allowNullPassword = true; }
         ];

  };

}