Commit graph

66 commits

Author SHA1 Message Date
Eelco Dolstra 3e5912833d * For consistency with Nixpkgs.
svn path=/nixos/trunk/; revision=17427
2009-09-25 20:12:35 +00:00
Eelco Dolstra 379778c385 * For X logins, don't use pam_ck_connector since it doesn't really
work for X logins.  (The documentation also says so.)  Instead just
  call ck-launch-session from the xsession script.

svn path=/nixos/trunk/; revision=17090
2009-09-13 14:05:21 +00:00
Eelco Dolstra 447c1ac34a * SLiM / ConsoleKit compatibility hack.
svn path=/nixos/trunk/; revision=16744
2009-08-17 01:35:48 +00:00
Eelco Dolstra 7ab616f659 * Added support for ConsoleKit.
* Let ConsoleKit track the current logins instead of pam_console.
  Udev now takes care of setting the device permissions to the active
  user.  This works much better, since pam_console wouldn't apply
  permissions to new (hot-plugged) devices.  Also, the udev+ConsoleKit
  approach supports user switching.  (We don't have that for X yet,
  but it already works for logins on virtual consoles: if you switch
  between different users on differents VCs with Alt+Fn, the device
  ownership will be changed automatically.)

svn path=/nixos/trunk/; revision=16743
2009-08-17 01:16:38 +00:00
Eelco Dolstra ac24c7834d * A module for policy-kit (not enabled yet).
svn path=/nixos/trunk/; revision=16738
2009-08-16 21:48:46 +00:00
Eelco Dolstra 26439de75b * security.setuidPrograms: don't set the default in the "default"
mkOption argument, because then we lose them if somebody sets
  security.setuidPrograms somewhere else.  (Shouldn't "default" be
  merged as well?)

svn path=/nixos/trunk/; revision=16734
2009-08-16 21:11:04 +00:00
Eelco Dolstra dba1964122 * setuid-wrappers: support setting the mode. For instance, some
programs require that the mode is 4550 so that execution of the
  setuid program can be restricted to members of a group.
* setuid-wrappers: remove a race condition in the creation of the
  wrappers if the ownership or mode was different than root:root and
  4555.
* setuid-wrappers: allow the full path of the wrapped program to be
  specified, rather than looking it up in $PATH.

svn path=/nixos/trunk/; revision=16733
2009-08-16 17:24:59 +00:00
Eelco Dolstra f31e2718b7 * Print an error if the exec fails.
svn path=/nixos/trunk/; revision=16732
2009-08-16 16:46:00 +00:00
Eelco Dolstra 3b931f7861 * We still need /etc/pam.d/other to keep usermod happy.
svn path=/nixos/trunk/; revision=16731
2009-08-16 15:46:24 +00:00
Eelco Dolstra 2884c9a836 * Style change.
svn path=/nixos/trunk/; revision=16730
2009-08-16 14:54:31 +00:00
Eelco Dolstra 39bffdb34c * Make the generation of /etc/pam.d more declarative. There now is an
option security.pam.services containing the list of PAM services.
  For instance, the SLiM module simply declares:

    security.pam.services = [ { name = "slim"; localLogin = true; } ];

svn path=/nixos/trunk/; revision=16729
2009-08-16 14:49:14 +00:00
Eelco Dolstra 720d51179e * kdm needs the "kde" PAM module, but you only get it when KDE is
enabled as a session type.  Since I'm lazy, provide it
  unconditionally.  Also have it include "common-console" to set
  device ownership when logging in.

svn path=/nixos/branches/modular-nixos/; revision=15800
2009-05-29 14:57:31 +00:00
Eelco Dolstra 14f1c81822 * Move PAM configuration to modules/security/pam.nix.
svn path=/nixos/branches/modular-nixos/; revision=15766
2009-05-28 13:10:02 +00:00
Nicolas Pierron 47f70fda2f Fix fullDepEntry location in setuid-wrappers.nix.
svn path=/nixos/branches/modular-nixos/; revision=15733
2009-05-26 14:10:20 +00:00
Eelco Dolstra c96f0d75f0 * Move the setuid wrappers activation scriptlet to
modules/security/setuid-wrappers.nix.
* Removed the "path" activation scriptlet.  The partial ordering was
  underspecified (there was nothing ensuring that it came near the end
  of the activation script), and it wasn't needed in any case.

svn path=/nixos/branches/modular-nixos/; revision=15726
2009-05-25 15:36:57 +00:00
Eelco Dolstra a65aae0140 * Moved more modules.
svn path=/nixos/branches/modular-nixos/; revision=15722
2009-05-25 13:42:46 +00:00