ilyakooo0/nixpkgs
1
0
Fork 0
mirror of https://github.com/ilyakooo0/nixpkgs.git synced 2025-01-05 02:23:07 +03:00
Code Issues Projects Releases Wiki Activity

nixos/sudo: Only keep SSH_AUTH_SOCK if used for authentication

Browse Source 
This will make compatibility with `sudo-rs` easier.
This commit is contained in:
nicoo 2023-09-04 21:06:12 +00:00
parent 454151375d
commit 8742134c80
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
nixos/modules/security/sudo.nix
View File

@ -6,6 +6,10 @@ let
cfg = config.security.sudo; cfg = config.security.sudo;
enableSSHAgentAuth =
with config.security;
pam.enableSSHAgentAuth && pam.sudo.sshAgentAuth;
inherit (pkgs) sudo; inherit (pkgs) sudo;
toUserString = user: if (isInt user) then "#${toString user}" else "${user}"; toUserString = user: if (isInt user) then "#${toString user}" else "${user}";
@ -210,10 +214,10 @@ in
# Don't edit this file. Set the NixOS options security.sudo.configFile # Don't edit this file. Set the NixOS options security.sudo.configFile
# or security.sudo.extraRules instead. # or security.sudo.extraRules instead.
'' ''
'' (optionalString enableSSHAgentAuth ''
# Keep SSH_AUTH_SOCK so that pam_ssh_agent_auth.so can do its magic. # Keep SSH_AUTH_SOCK so that pam_ssh_agent_auth.so can do its magic.
Defaults env_keep+=SSH_AUTH_SOCK Defaults env_keep+=SSH_AUTH_SOCK
'' '')
'' ''
# "root" is allowed to do anything. # "root" is allowed to do anything.
root ALL=(ALL:ALL) SETENV: ALL root ALL=(ALL:ALL) SETENV: ALL