nixos: add implict security.wrappers options
This is to keep the same permissions/setuid/setgid as before the change in security.wrappers defaults.
parent
41a498578e
commit
8f76a6eefc
@ -28,7 +28,9 @@ in {
|
|||||||
|
|
||||||
# "nix-ccache --show-stats" and "nix-ccache --clear"
|
# "nix-ccache --show-stats" and "nix-ccache --clear"
|
||||||
security.wrappers.nix-ccache = {
|
security.wrappers.nix-ccache = {
|
||||||
|
owner = "nobody";
|
||||||
group = "nixbld";
|
group = "nixbld";
|
||||||
|
setuid = false;
|
||||||
setgid = true;
|
setgid = true;
|
||||||
source = pkgs.writeScript "nix-ccache.pl" ''
|
source = pkgs.writeScript "nix-ccache.pl" ''
|
||||||
#!${pkgs.perl}/bin/perl
|
#!${pkgs.perl}/bin/perl
|
||||||
|
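Review bot: The added `owner = "nobody";` on this setgid wrapper preserves the old implicit value, but `nobody` is an account commonly shared by unrelated unprivileged services, and a file's owner is allowed to change its mode bits. The privilege here comes from `setgid = true` and `group = "nixbld"`, so the owner could presumably be `root` without changing what the wrapper grants. If `nobody` has to stay for compatibility, mark it as such, e.g. `# owner kept at the former implicit default; consider root`. The same applies to the smtpctl, postfix (sendmail, mailq, postqueue, postdrop) and dtmail hunks; the wrapper's `source` script continues beyond this hunk.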
@ -78,6 +78,8 @@ in {
|
|||||||
source = "${pkgs.msmtp}/bin/sendmail";
|
source = "${pkgs.msmtp}/bin/sendmail";
|
||||||
setuid = false;
|
setuid = false;
|
||||||
setgid = false;
|
setgid = false;
|
||||||
|
owner = "root";
|
||||||
|
group = "root";
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.etc."msmtprc".text = let
|
environment.etc."msmtprc".text = let
|
||||||
|
@ -181,6 +181,8 @@ in
|
|||||||
source = "${pkgs.ssmtp}/bin/sendmail";
|
source = "${pkgs.ssmtp}/bin/sendmail";
|
||||||
setuid = false;
|
setuid = false;
|
||||||
setgid = false;
|
setgid = false;
|
||||||
|
owner = "root";
|
||||||
|
group = "root";
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
@ -871,6 +871,7 @@ in
|
|||||||
unix_chkpwd = {
|
unix_chkpwd = {
|
||||||
source = "${pkgs.pam}/sbin/unix_chkpwd.orig";
|
source = "${pkgs.pam}/sbin/unix_chkpwd.orig";
|
||||||
owner = "root";
|
owner = "root";
|
||||||
|
group = "nogroup";
|
||||||
setuid = true;
|
setuid = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
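Review bot: `unix_chkpwd` gains `group = "nogroup";` but still leaves `setgid` unstated, while most other wrappers touched by this commit spell out both bits. For a setuid-root wrapper every privilege-relevant setting should be readable in one place rather than depend on the option defaults, which this page does not show; add `setgid = false;` next to `setuid = true;`. The same gap exists in the `fcronsighup` entry (new `owner = "root";`, neither bit stated) and in `dtmail` (no `setuid` line).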
@ -103,12 +103,15 @@ in {
|
|||||||
};
|
};
|
||||||
|
|
||||||
security.wrappers.smtpctl = {
|
security.wrappers.smtpctl = {
|
||||||
|
owner = "nobody";
|
||||||
group = "smtpq";
|
group = "smtpq";
|
||||||
|
setuid = false;
|
||||||
setgid = true;
|
setgid = true;
|
||||||
source = "${cfg.package}/bin/smtpctl";
|
source = "${cfg.package}/bin/smtpctl";
|
||||||
};
|
};
|
||||||
|
|
||||||
services.mail.sendmailSetuidWrapper = mkIf cfg.setSendmail security.wrappers.smtpctl;
|
services.mail.sendmailSetuidWrapper = mkIf cfg.setSendmail
|
||||||
|
security.wrappers.smtpctl // { program = "sendmail"; };
|
||||||
|
|
||||||
systemd.tmpfiles.rules = [
|
systemd.tmpfiles.rules = [
|
||||||
"d /var/spool/smtpd 711 root - - -"
|
"d /var/spool/smtpd 711 root - - -"
|
||||||
|
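Review bot: The new `mkIf cfg.setSendmail security.wrappers.smtpctl // { program = "sendmail"; }` does not override `program` inside the wrapper definition. In Nix, function application binds tighter than `//`, so the update is applied to the value returned by `mkIf`, not to `security.wrappers.smtpctl`. Parenthesise the merged set: `mkIf cfg.setSendmail (security.wrappers.smtpctl // { program = "sendmail"; });`. As written, the `program` attribute lands on the conditional itself, where the module system presumably ignores it, so the override silently has no effect.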
@ -673,6 +673,7 @@ in
|
|||||||
services.mail.sendmailSetuidWrapper = mkIf config.services.postfix.setSendmail {
|
services.mail.sendmailSetuidWrapper = mkIf config.services.postfix.setSendmail {
|
||||||
program = "sendmail";
|
program = "sendmail";
|
||||||
source = "${pkgs.postfix}/bin/sendmail";
|
source = "${pkgs.postfix}/bin/sendmail";
|
||||||
|
owner = "nobody";
|
||||||
group = setgidGroup;
|
group = setgidGroup;
|
||||||
setuid = false;
|
setuid = false;
|
||||||
setgid = true;
|
setgid = true;
|
||||||
@ -681,6 +682,7 @@ in
|
|||||||
security.wrappers.mailq = {
|
security.wrappers.mailq = {
|
||||||
program = "mailq";
|
program = "mailq";
|
||||||
source = "${pkgs.postfix}/bin/mailq";
|
source = "${pkgs.postfix}/bin/mailq";
|
||||||
|
owner = "nobody";
|
||||||
group = setgidGroup;
|
group = setgidGroup;
|
||||||
setuid = false;
|
setuid = false;
|
||||||
setgid = true;
|
setgid = true;
|
||||||
@ -689,6 +691,7 @@ in
|
|||||||
security.wrappers.postqueue = {
|
security.wrappers.postqueue = {
|
||||||
program = "postqueue";
|
program = "postqueue";
|
||||||
source = "${pkgs.postfix}/bin/postqueue";
|
source = "${pkgs.postfix}/bin/postqueue";
|
||||||
|
owner = "nobody";
|
||||||
group = setgidGroup;
|
group = setgidGroup;
|
||||||
setuid = false;
|
setuid = false;
|
||||||
setgid = true;
|
setgid = true;
|
||||||
@ -697,6 +700,7 @@ in
|
|||||||
security.wrappers.postdrop = {
|
security.wrappers.postdrop = {
|
||||||
program = "postdrop";
|
program = "postdrop";
|
||||||
source = "${pkgs.postfix}/bin/postdrop";
|
source = "${pkgs.postfix}/bin/postdrop";
|
||||||
|
owner = "nobody";
|
||||||
group = setgidGroup;
|
group = setgidGroup;
|
||||||
setuid = false;
|
setuid = false;
|
||||||
setgid = true;
|
setgid = true;
|
||||||
|
@ -88,12 +88,14 @@ in {
|
|||||||
source = "${pkgs.x2goserver}/lib/x2go/libx2go-server-db-sqlite3-wrapper.pl";
|
source = "${pkgs.x2goserver}/lib/x2go/libx2go-server-db-sqlite3-wrapper.pl";
|
||||||
owner = "x2go";
|
owner = "x2go";
|
||||||
group = "x2go";
|
group = "x2go";
|
||||||
|
setuid = false;
|
||||||
setgid = true;
|
setgid = true;
|
||||||
};
|
};
|
||||||
security.wrappers.x2goprintWrapper = {
|
security.wrappers.x2goprintWrapper = {
|
||||||
source = "${pkgs.x2goserver}/bin/x2goprint";
|
source = "${pkgs.x2goserver}/bin/x2goprint";
|
||||||
owner = "x2go";
|
owner = "x2go";
|
||||||
group = "x2go";
|
group = "x2go";
|
||||||
|
setuid = false;
|
||||||
setgid = true;
|
setgid = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -136,9 +136,11 @@ in
|
|||||||
owner = "fcron";
|
owner = "fcron";
|
||||||
group = "fcron";
|
group = "fcron";
|
||||||
setgid = true;
|
setgid = true;
|
||||||
|
setuid = false;
|
||||||
};
|
};
|
||||||
fcronsighup = {
|
fcronsighup = {
|
||||||
source = "${pkgs.fcron}/bin/fcronsighup";
|
source = "${pkgs.fcron}/bin/fcronsighup";
|
||||||
|
owner = "root";
|
||||||
group = "fcron";
|
group = "fcron";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -49,9 +49,10 @@ in {
|
|||||||
users.groups.mail = {};
|
users.groups.mail = {};
|
||||||
security.wrappers = {
|
security.wrappers = {
|
||||||
dtmail = {
|
dtmail = {
|
||||||
source = "${pkgs.cdesktopenv}/bin/dtmail";
|
|
||||||
group = "mail";
|
|
||||||
setgid = true;
|
setgid = true;
|
||||||
|
owner = "nobody";
|
||||||
|
group = "mail";
|
||||||
|
source = "${pkgs.cdesktopenv}/bin/dtmail";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|