mkOption argument, because then we lose them if somebody sets
security.setuidPrograms somewhere else. (Shouldn't "default" be
merged as well?)
svn path=/nixos/trunk/; revision=16734
programs require that the mode is 4550 so that execution of the
setuid program can be restricted to members of a group.
* setuid-wrappers: remove a race condition in the creation of the
wrappers if the ownership or mode was different than root:root and
4555.
* setuid-wrappers: allow the full path of the wrapped program to be
specified, rather than looking it up in $PATH.
svn path=/nixos/trunk/; revision=16733
option security.pam.services containing the list of PAM services.
For instance, the SLiM module simply declares:
security.pam.services = [ { name = "slim"; localLogin = true; } ];
svn path=/nixos/trunk/; revision=16729
enabled as a session type. Since I'm lazy, provide it
unconditionally. Also have it include "common-console" to set
device ownership when logging in.
svn path=/nixos/branches/modular-nixos/; revision=15800
modules/security/setuid-wrappers.nix.
* Removed the "path" activation scriptlet. The partial ordering was
underspecified (there was nothing ensuring that it came near the end
of the activation script), and it wasn't needed in any case.
svn path=/nixos/branches/modular-nixos/; revision=15726