Merge pull request #21 from peti/assign-fixed-uid-and-gid-for-httpd-service

(Optionally) assign a fixed UID and GID for the user dedicated to running Apache.
Peter Simons 2012-08-03 07:41:47 -07:00
commit 514a26af13
2 changed files with 22 additions and 6 deletions


@ -72,6 +72,7 @@ in
clamav = 51; clamav = 51;
fprot = 52; fprot = 52;
bind = 53; bind = 53;
wwwrun = 54;
# When adding a uid, make sure it doesn't match an existing gid. # When adding a uid, make sure it doesn't match an existing gid.
@ -123,6 +124,9 @@ in
mpd = 50; mpd = 50;
clamav = 51; clamav = 51;
fprot = 52; fprot = 52;
# Group id 53 is still free! I didn't use it, because I wanted the
# the same numeric value for the 'wwwrun' user and group.
wwwrun = 54;
# When adding a gid, make sure it doesn't match an existing uid. # When adding a gid, make sure it doesn't match an existing uid.
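Review bot: The comment added above `wwwrun = 54;` in the gid table advertises gid 53 as free, but the uid table in the first hunk assigns 53 to `bind`, and the rule stated just below says a new gid must not match an existing uid. As far as these hunks show, a later contributor who takes the comment at face value would create exactly that collision. I would reword it, which also fixes the doubled "the the", to `# gid 53 is left unassigned because uid 53 belongs to bind; wwwrun uses 54 for both its user and its group.`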


@ -407,7 +407,7 @@ in
package = mkOption { package = mkOption {
default = pkgs.apacheHttpd.override { mpm = mainCfg.multiProcessingModule; }; default = pkgs.apacheHttpd.override { mpm = mainCfg.multiProcessingModule; };
example = "pkgs.apacheHttpd_2_4"; example = "pkgs.apacheHttpd_2_4";
description = " description = "
Overridable attribute of the Apache HTTP Server package to use. Overridable attribute of the Apache HTTP Server package to use.
"; ";
@ -415,7 +415,7 @@ in
configFile = mkOption { configFile = mkOption {
default = confFile; default = confFile;
example = ''pkgs.writeText "httpd.conf" "# my custom config file ...";''; example = ''pkgs.writeText "httpd.conf" "# my custom config file ...";'';
description = " description = "
Overridable config file to use for Apache. By default, use the Overridable config file to use for Apache. By default, use the
file automatically generated by nixos. file automatically generated by nixos.
@ -469,6 +469,18 @@ in
"; ";
}; };
fixUidAndGid = mkOption {
default = false;
description = "
Use a fixed numeric ID (54) for the <varname>wwwrun</varname> user
and group. This setting is disabled by default for the sake of
backwards compatibility: we don't want to break pre-existing
installations that alrady have a user/group for Apache with different
values for that ID. If you're installing a fresh server, however,
choosing the fixed numeric values for those IDs is safe.
";
};
logDir = mkOption { logDir = mkOption {
default = "/var/log/httpd"; default = "/var/log/httpd";
description = " description = "
@ -558,14 +570,14 @@ in
config = mkIf config.services.httpd.enable { config = mkIf config.services.httpd.enable {
users.extraUsers = optionalAttrs (mainCfg.user == "wwwrun") singleton users.extraUsers = optionalAttrs (mainCfg.user == "wwwrun") singleton
{ name = "wwwrun"; ({ name = "wwwrun";
group = "wwwrun"; group = "wwwrun";
description = "Apache httpd user"; description = "Apache httpd user";
}; } // (if mainCfg.fixUidAndGid then { uid = config.ids.uids.wwwrun; } else {}));
users.extraGroups = optionalAttrs (mainCfg.group == "wwwrun") singleton users.extraGroups = optionalAttrs (mainCfg.group == "wwwrun") singleton
{ name = "wwwrun"; ({ name = "wwwrun";
}; } // (if mainCfg.fixUidAndGid then { gid = config.ids.gids.wwwrun; } else {}));
environment.systemPackages = [httpd] ++ concatMap (svc: svc.extraPath) allSubservices; environment.systemPackages = [httpd] ++ concatMap (svc: svc.extraPath) allSubservices;
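Review bot: `fixUidAndGid` silently does nothing when `user` or `group` has been changed from "wwwrun", and the option description does not say so; the uid and gid are merged only inside the declarations guarded by `optionalAttrs (mainCfg.user == "wwwrun")` and `optionalAttrs (mainCfg.group == "wwwrun")` at the end of this section. I would add a sentence such as `This option only has an effect when user and group are left at "wwwrun".` Since the description already addresses existing installations, it should also say that files created under the previous numeric ID (for example under `logDir`) may need their ownership changed by hand after switching; whether anything re-owns them is not visible in this diff. The description also has a typo, `alrady` for `already`. As a matter of style, `optionalAttrs mainCfg.fixUidAndGid { uid = config.ids.uids.wwwrun; }` would reuse the helper already called on the same lines instead of `if … then … else {}`.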