mirror of
https://github.com/ilyakooo0/nixpkgs.git
synced 2024-12-25 20:34:52 +03:00
parent
9ab141ce27
commit
98102ebd92
@ -99,7 +99,6 @@ in
|
|||||||
groupdel = { rootOK = true; };
|
groupdel = { rootOK = true; };
|
||||||
login = { startSession = true; allowNullPassword = true; showMotd = true; updateWtmp = true; };
|
login = { startSession = true; allowNullPassword = true; showMotd = true; updateWtmp = true; };
|
||||||
chpasswd = { rootOK = true; };
|
chpasswd = { rootOK = true; };
|
||||||
chgpasswd = { rootOK = true; };
|
|
||||||
};
|
};
|
||||||
|
|
||||||
security.setuidPrograms = [ "su" "chfn" ]
|
security.setuidPrograms = [ "su" "chfn" ]
|
||||||
|
@ -105,6 +105,16 @@ let
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
setEnvironment = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = true;
|
||||||
|
description = ''
|
||||||
|
Whether the service should set the environment variables
|
||||||
|
listed in <option>environment.sessionVariables</option>
|
||||||
|
using <literal>pam_env.so</literal>.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
setLoginUid = mkOption {
|
setLoginUid = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
description = ''
|
description = ''
|
||||||
@ -284,7 +294,9 @@ let
|
|||||||
"password optional ${pkgs.samba}/lib/security/pam_smbpass.so nullok use_authtok try_first_pass"}
|
"password optional ${pkgs.samba}/lib/security/pam_smbpass.so nullok use_authtok try_first_pass"}
|
||||||
|
|
||||||
# Session management.
|
# Session management.
|
||||||
session required pam_env.so envfile=${config.system.build.pamEnvironment}
|
${optionalString cfg.setEnvironment ''
|
||||||
|
session required pam_env.so envfile=${config.system.build.pamEnvironment}
|
||||||
|
''}
|
||||||
session required pam_unix.so
|
session required pam_unix.so
|
||||||
${optionalString cfg.setLoginUid
|
${optionalString cfg.setLoginUid
|
||||||
"session ${
|
"session ${
|
||||||
@ -477,6 +489,13 @@ in
|
|||||||
vlock = {};
|
vlock = {};
|
||||||
xlock = {};
|
xlock = {};
|
||||||
xscreensaver = {};
|
xscreensaver = {};
|
||||||
|
|
||||||
|
runuser = { rootOK = true; unixAuth = false; setEnvironment = false; };
|
||||||
|
|
||||||
|
/* FIXME: should runuser -l start a systemd session? Currently
|
||||||
|
it complains "Cannot create session: Already running in a
|
||||||
|
session". */
|
||||||
|
runuser-l = { rootOK = true; unixAuth = false; };
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
Loading…
Reference in New Issue
Block a user