nixos: condition shadow setuid-wrappers on mutableUsers

Having junk setuid wrappers in PATH is annoying.
2015-04-12 21:42:50 +02:00 · 2015-04-12 21:42:50 +02:00 · 75ab7bf960
parent 2d8cfe76a9
commit 75ab7bf960
1 changed files with 4 additions and 2 deletions
--- a/nixos/modules/programs/shadow.nix
+++ b/nixos/modules/programs/shadow.nix
@ -100,8 +100,10 @@ in
        chgpasswd = { rootOK = true; };
      };

-    security.setuidPrograms = [ "passwd" "chfn" "su" "sg" "newgrp"
-      "newuidmap" "newgidmap"  # new in shadow 4.2.x
+    security.setuidPrograms = [ "su" "chfn" ]
+      ++ lib.optionals config.users.mutableUsers
+      [ "passwd" "sg" "newgrp"
+        "newuidmap" "newgidmap" # new in shadow 4.2.x
      ];

  };