Enable the runuser command from util-linux

Fixes #14701.
This commit is contained in:
Eelco Dolstra 2016-09-06 17:23:27 +02:00
parent 9ab141ce27
commit 98102ebd92
2 changed files with 20 additions and 2 deletions

View File

@ -99,7 +99,6 @@ in
groupdel = { rootOK = true; };
login = { startSession = true; allowNullPassword = true; showMotd = true; updateWtmp = true; };
chpasswd = { rootOK = true; };
chgpasswd = { rootOK = true; };
};
security.setuidPrograms = [ "su" "chfn" ]

View File

@ -105,6 +105,16 @@ let
'';
};
setEnvironment = mkOption {
type = types.bool;
default = true;
description = ''
Whether the service should set the environment variables
listed in <option>environment.sessionVariables</option>
using <literal>pam_env.so</literal>.
'';
};
setLoginUid = mkOption {
type = types.bool;
description = ''
@ -284,7 +294,9 @@ let
"password optional ${pkgs.samba}/lib/security/pam_smbpass.so nullok use_authtok try_first_pass"}
# Session management.
session required pam_env.so envfile=${config.system.build.pamEnvironment}
${optionalString cfg.setEnvironment ''
session required pam_env.so envfile=${config.system.build.pamEnvironment}
''}
session required pam_unix.so
${optionalString cfg.setLoginUid
"session ${
@ -477,6 +489,13 @@ in
vlock = {};
xlock = {};
xscreensaver = {};
runuser = { rootOK = true; unixAuth = false; setEnvironment = false; };
/* FIXME: should runuser -l start a systemd session? Currently
it complains "Cannot create session: Already running in a
session". */
runuser-l = { rootOK = true; unixAuth = false; };
};
};