atd: Make `at' and friends actually usable by regular users.

This patch makes the `at' commands setuid `atd' (instead of `root')
and fixes the ownership of `/etc/at/at.deny'.

svn path=/nixos/trunk/; revision=13515
This commit is contained in:
Ludovic Courtès 2008-11-29 17:36:00 +00:00
parent 7a6df0a5a8
commit 8373c890a8
3 changed files with 12 additions and 3 deletions

View File

@ -639,7 +639,8 @@ in
default = false;
description = ''
Whether to make /var/spool/at{jobs,spool} writeable
by everyone (and sticky).
by everyone (and sticky). This is normally not needed since
the `at' commands are setuid/setgid `atd'.
'';
};
};

View File

@ -302,7 +302,15 @@ rec {
chmod u${if entry.setuid then "+" else "-"}s $wrapperDir/${entry.program}
chmod g${if entry.setgid then "+" else "-"}s $wrapperDir/${entry.program}
'')
config.security.setuidOwners);
(config.security.setuidOwners ++
# The `at' commands must be setuid `atd' so they can access the files
# under `/etc/at', etc.
(if config.services.atd.enable
then (map (program: { inherit program; owner = "atd"; group = "atd";
setuid = true; setgid = true; })
[ "at" "atq" "atrm" ])
else [])));
};

View File

@ -48,7 +48,7 @@ start script
if [ ! -f "$etcdir"/at.deny ]
then
touch "$etcdir"/at.deny && \
chown root:root "$etcdir"/at.deny && \
chown root:atd "$etcdir"/at.deny && \
chmod 640 "$etcdir"/at.deny
fi
if [ ! -f "$jobdir"/.SEQ ]