nixos/shadow: setuid wrappers for new{uid,gid}map

These utils are not related to user management, so they should be available even if immutable users are enabled.
2016-08-19 14:47:11 +02:00 · 2016-08-19 14:47:11 +02:00 · 51b165c7d2
parent 80dbdba6dd
commit 51b165c7d2
1 changed files with 2 additions and 3 deletions
--- a/nixos/modules/programs/shadow.nix
+++ b/nixos/modules/programs/shadow.nix
@ -103,10 +103,9 @@ in
      };

    security.setuidPrograms = [ "su" "chfn" ]
+      ++ [ "newuidmap" "newgidmap" ] # new in shadow 4.2.x
      ++ lib.optionals config.users.mutableUsers
-      [ "passwd" "sg" "newgrp"
-        "newuidmap" "newgidmap" # new in shadow 4.2.x
-      ];
+      [ "passwd" "sg" "newgrp" ];

  };