nixos: make setgid wrappers root-owned
parent
378d2c5dce
commit
31790c81dc
@ -28,7 +28,7 @@ in {
|
|||||||
|
|
||||||
# "nix-ccache --show-stats" and "nix-ccache --clear"
|
# "nix-ccache --show-stats" and "nix-ccache --clear"
|
||||||
security.wrappers.nix-ccache = {
|
security.wrappers.nix-ccache = {
|
||||||
owner = "nobody";
|
owner = "root";
|
||||||
group = "nixbld";
|
group = "nixbld";
|
||||||
setuid = false;
|
setuid = false;
|
||||||
setgid = true;
|
setgid = true;
|
||||||
|
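Review bot: Nothing on the new side of the nix-ccache wrapper records why `owner = "root";` sits next to `setuid = false;`, which makes the pairing look like a mistake and invites a later change back to "nobody". A one-line comment above the owner line would keep the reason with the code, for example `# root only owns the wrapper file; without setuid the program keeps the caller's uid and gains only the group`. It could also say that a file owned by "nobody" can be altered by any process running under that shared account. The same comment fits the utempter, smtpctl, sendmail, mailq, postqueue, postdrop and dtmail wrappers in the later hunks. The nix-ccache attribute set continues past the end of this hunk.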
@ -33,7 +33,7 @@ in
|
|||||||
security.wrappers = mkIf cfg.withUtempter {
|
security.wrappers = mkIf cfg.withUtempter {
|
||||||
utempter = {
|
utempter = {
|
||||||
source = "${pkgs.libutempter}/lib/utempter/utempter";
|
source = "${pkgs.libutempter}/lib/utempter/utempter";
|
||||||
owner = "nobody";
|
owner = "root";
|
||||||
group = "utmp";
|
group = "utmp";
|
||||||
setuid = false;
|
setuid = false;
|
||||||
setgid = true;
|
setgid = true;
|
||||||
|
@ -103,7 +103,7 @@ in {
|
|||||||
};
|
};
|
||||||
|
|
||||||
security.wrappers.smtpctl = {
|
security.wrappers.smtpctl = {
|
||||||
owner = "nobody";
|
owner = "root";
|
||||||
group = "smtpq";
|
group = "smtpq";
|
||||||
setuid = false;
|
setuid = false;
|
||||||
setgid = true;
|
setgid = true;
|
||||||
|
@ -673,7 +673,7 @@ in
|
|||||||
services.mail.sendmailSetuidWrapper = mkIf config.services.postfix.setSendmail {
|
services.mail.sendmailSetuidWrapper = mkIf config.services.postfix.setSendmail {
|
||||||
program = "sendmail";
|
program = "sendmail";
|
||||||
source = "${pkgs.postfix}/bin/sendmail";
|
source = "${pkgs.postfix}/bin/sendmail";
|
||||||
owner = "nobody";
|
owner = "root";
|
||||||
group = setgidGroup;
|
group = setgidGroup;
|
||||||
setuid = false;
|
setuid = false;
|
||||||
setgid = true;
|
setgid = true;
|
||||||
@ -682,7 +682,7 @@ in
|
|||||||
security.wrappers.mailq = {
|
security.wrappers.mailq = {
|
||||||
program = "mailq";
|
program = "mailq";
|
||||||
source = "${pkgs.postfix}/bin/mailq";
|
source = "${pkgs.postfix}/bin/mailq";
|
||||||
owner = "nobody";
|
owner = "root";
|
||||||
group = setgidGroup;
|
group = setgidGroup;
|
||||||
setuid = false;
|
setuid = false;
|
||||||
setgid = true;
|
setgid = true;
|
||||||
@ -691,7 +691,7 @@ in
|
|||||||
security.wrappers.postqueue = {
|
security.wrappers.postqueue = {
|
||||||
program = "postqueue";
|
program = "postqueue";
|
||||||
source = "${pkgs.postfix}/bin/postqueue";
|
source = "${pkgs.postfix}/bin/postqueue";
|
||||||
owner = "nobody";
|
owner = "root";
|
||||||
group = setgidGroup;
|
group = setgidGroup;
|
||||||
setuid = false;
|
setuid = false;
|
||||||
setgid = true;
|
setgid = true;
|
||||||
@ -700,7 +700,7 @@ in
|
|||||||
security.wrappers.postdrop = {
|
security.wrappers.postdrop = {
|
||||||
program = "postdrop";
|
program = "postdrop";
|
||||||
source = "${pkgs.postfix}/bin/postdrop";
|
source = "${pkgs.postfix}/bin/postdrop";
|
||||||
owner = "nobody";
|
owner = "root";
|
||||||
group = setgidGroup;
|
group = setgidGroup;
|
||||||
setuid = false;
|
setuid = false;
|
||||||
setgid = true;
|
setgid = true;
|
||||||
|
@ -50,7 +50,7 @@ in {
|
|||||||
security.wrappers = {
|
security.wrappers = {
|
||||||
dtmail = {
|
dtmail = {
|
||||||
setgid = true;
|
setgid = true;
|
||||||
owner = "nobody";
|
owner = "root";
|
||||||
group = "mail";
|
group = "mail";
|
||||||
source = "${pkgs.cdesktopenv}/bin/dtmail";
|
source = "${pkgs.cdesktopenv}/bin/dtmail";
|
||||||
};
|
};
|
||||||
|
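Review bot: The dtmail wrapper is the only one touched by this commit that does not state `setuid = false;`. Its whole attribute set is visible in this hunk, so it presumably relies on the option default. Now that the owner is root, adding `setuid = false;` next to `setgid = true;` would match the other wrappers. It would also make plain on the page that the binary is meant to gain only the mail group, never root's uid.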