From 65924ba6e9a34aac5d5ab51db4cfb43d08825269 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 20 Feb 2017 01:45:04 +0100 Subject: Bump setuid wrappers --- hel.nix | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) (limited to 'hel.nix') diff --git a/hel.nix b/hel.nix index 3eb83309..5d9de1b8 100644 --- a/hel.nix +++ b/hel.nix @@ -45,7 +45,6 @@ git slock shadow - (callPackage ./custom/thinklight.nix { thinklight = "kbd_backlight"; }) (callPackage ./utils/nix/rebuild-system.nix {}) rewacom ]; @@ -350,17 +349,19 @@ %wheel ALL=(ALL) NOPASSWD: SYSCTRL ''; - setuidPrograms = ["slock" "mount" "mount.nfs" "umount" "newgrp" "thinklight"]; - - setuidOwners = [ { group = "users"; - owner = "gkleen"; - permissions = "u+rx,g+x,o+x"; - program = "notify-gkleen"; - setgid = true; - setuid = true; - source = ''${pkgs.callPackage ./custom/notify-user.nix { inherit (pkgs.haskellPackages) ghcWithPackages; }}/bin/notify-gkleen''; - } - ]; + security.wrappers = { "slock".source = "${pkgs.slock}/bin/slock"; + "mount".source = "${pkgs.utillinux.bin}/bin/mount"; + "umount".source = "${pkgs.utillinux.bin}/bin/umount"; + "newgrp".source = "${pkgs.shadow}/bin/newgrp"; + "thinklight".source = + "${(callPackage ./custom/thinklight.nix { thinklight = "kbd_backlight"; })}/bin/thinklight"; + "notify-gkleen" = { + group = "users"; + owner = "gkleen"; + setgid = true; + setuid = true; + source = ''${pkgs.callPackage ./custom/notify-user.nix { inherit (pkgs.haskellPackages) ghcWithPackages; }}/bin/notify-gkleen''; + }; polkit = { enable = true; -- cgit v1.2.3