atd: Make `at' and friends actually usable by regular users.

This patch makes the `at' commands setuid `atd' (instead of `root') and fixes the ownership of `/etc/at/at.deny'. svn path=/nixos/trunk/; revision=13515
2024-11-19 02:44:17 +03:00 · 2008-11-29 17:36:00 +00:00 · 2008-11-29 17:36:00 +00:00 · 8373c890a8
commit 8373c890a8
parent 7a6df0a5a8
3 changed files with 12 additions and 3 deletions
--- a/system/options.nix
+++ b/system/options.nix
@ -639,7 +639,8 @@ in
        default = false;
        description = ''
          Whether to make /var/spool/at{jobs,spool} writeable 
-          by everyone (and sticky).
+          by everyone (and sticky).  This is normally not needed since
+          the `at' commands are setuid/setgid `atd'.
        '';
      };
    };
--- a/system/system.nix
+++ b/system/system.nix
@ -302,7 +302,15 @@ rec {
        chmod u${if entry.setuid then "+" else "-"}s $wrapperDir/${entry.program} 
        chmod g${if entry.setgid then "+" else "-"}s $wrapperDir/${entry.program} 
      '') 
-      config.security.setuidOwners);
+      (config.security.setuidOwners ++
+
+       # The `at' commands must be setuid `atd' so they can access the files
+       # under `/etc/at', etc.
+       (if config.services.atd.enable
+        then (map (program: { inherit program; owner = "atd"; group = "atd";
+                             setuid = true; setgid = true; })
+                  [ "at" "atq" "atrm" ])
+        else [])));
  };


--- a/upstart-jobs/atd.nix
+++ b/upstart-jobs/atd.nix
@ -48,7 +48,7 @@ start script
   if [ ! -f "$etcdir"/at.deny ]
   then
       touch "$etcdir"/at.deny && \
-       chown root:root "$etcdir"/at.deny && \
+       chown root:atd "$etcdir"/at.deny && \
       chmod 640 "$etcdir"/at.deny
   fi
   if [ ! -f "$jobdir"/.SEQ ]