Commit graph

61 commits

Author SHA1 Message Date
Eelco Dolstra 26439de75b * security.setuidPrograms: don't set the default in the "default"
mkOption argument, because then we lose them if somebody sets
  security.setuidPrograms somewhere else.  (Shouldn't "default" be
  merged as well?)

svn path=/nixos/trunk/; revision=16734
2009-08-16 21:11:04 +00:00
Eelco Dolstra dba1964122 * setuid-wrappers: support setting the mode. For instance, some
programs require that the mode is 4550 so that execution of the
  setuid program can be restricted to members of a group.
* setuid-wrappers: remove a race condition in the creation of the
  wrappers if the ownership or mode was different than root:root and
  4555.
* setuid-wrappers: allow the full path of the wrapped program to be
  specified, rather than looking it up in $PATH.

svn path=/nixos/trunk/; revision=16733
2009-08-16 17:24:59 +00:00
Eelco Dolstra f31e2718b7 * Print an error if the exec fails.
svn path=/nixos/trunk/; revision=16732
2009-08-16 16:46:00 +00:00
Eelco Dolstra 3b931f7861 * We still need /etc/pam.d/other to keep usermod happy.
svn path=/nixos/trunk/; revision=16731
2009-08-16 15:46:24 +00:00
Eelco Dolstra 2884c9a836 * Style change.
svn path=/nixos/trunk/; revision=16730
2009-08-16 14:54:31 +00:00
Eelco Dolstra 39bffdb34c * Make the generation of /etc/pam.d more declarative. There now is an
option security.pam.services containing the list of PAM services.
  For instance, the SLiM module simply declares:

    security.pam.services = [ { name = "slim"; localLogin = true; } ];

svn path=/nixos/trunk/; revision=16729
2009-08-16 14:49:14 +00:00
Eelco Dolstra 720d51179e * kdm needs the "kde" PAM module, but you only get it when KDE is
enabled as a session type.  Since I'm lazy, provide it
  unconditionally.  Also have it include "common-console" to set
  device ownership when logging in.

svn path=/nixos/branches/modular-nixos/; revision=15800
2009-05-29 14:57:31 +00:00
Eelco Dolstra 14f1c81822 * Move PAM configuration to modules/security/pam.nix.
svn path=/nixos/branches/modular-nixos/; revision=15766
2009-05-28 13:10:02 +00:00
Nicolas Pierron 47f70fda2f Fix fullDepEntry location in setuid-wrappers.nix.
svn path=/nixos/branches/modular-nixos/; revision=15733
2009-05-26 14:10:20 +00:00
Eelco Dolstra c96f0d75f0 * Move the setuid wrappers activation scriptlet to
modules/security/setuid-wrappers.nix.
* Removed the "path" activation scriptlet.  The partial ordering was
  underspecified (there was nothing ensuring that it came near the end
  of the activation script), and it wasn't needed in any case.

svn path=/nixos/branches/modular-nixos/; revision=15726
2009-05-25 15:36:57 +00:00
Eelco Dolstra a65aae0140 * Moved more modules.
svn path=/nixos/branches/modular-nixos/; revision=15722
2009-05-25 13:42:46 +00:00