sg: add setuid wrapper. (newgrp is a symlink to sg and was already setuid).

sudo: add ability for wheel users to change group (as well as user)
2015-03-30 23:50:45 +01:00 · 2015-03-30 23:50:45 +01:00 · be7f104502
parent e07ea5cf77
commit be7f104502
2 changed files with 2 additions and 2 deletions
--- a/nixos/modules/programs/shadow.nix
+++ b/nixos/modules/programs/shadow.nix
@ -100,7 +100,7 @@ in
        chgpasswd = { rootOK = true; };
      };

-    security.setuidPrograms = [ "passwd" "chfn" "su" "newgrp"
+    security.setuidPrograms = [ "passwd" "chfn" "su" "sg" "newgrp"
      "newuidmap" "newgidmap"  # new in shadow 4.2.x
      ];

--- a/nixos/modules/security/sudo.nix
+++ b/nixos/modules/security/sudo.nix
@ -77,7 +77,7 @@ in
        root        ALL=(ALL) SETENV: ALL

        # Users in the "wheel" group can do anything.
-        %wheel      ALL=(ALL) ${if cfg.wheelNeedsPassword then "" else "NOPASSWD: ALL, "}SETENV: ALL
+        %wheel      ALL=(ALL:ALL) ${if cfg.wheelNeedsPassword then "" else "NOPASSWD: ALL, "}SETENV: ALL
        ${cfg.extraConfig}
      '';