nixos/shadow: create setuid wrapper for chsh

This allows non-declarative users to change their login shells. https://github.com/NixOS/nixpkgs/pull/41966 will make this possible for declarative users as well if the system config explicitly allows it.
author: Aneesh Agrawal <aneeshusa@gmail.com> 2018-08-26 22:33:29 -0700
committer: Aneesh Agrawal <aneeshusa@gmail.com> 2019-04-07 15:12:39 -0700
commit: 925b028f1779027d65ef75ecc87563c45805d0c3 (patch)
tree: 3ebbec4a29e4a54024baeccea54abc33474d978d /nixos/modules/programs
parent: ca11db894f2a8c91a950d9ec326c3977770b766c (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/nixos/modules/programs/shadow.nix b/nixos/modules/programs/shadow.nix
index 8ec4169207db..824e451014e6 100644
--- a/nixos/modules/programs/shadow.nix
+++ b/nixos/modules/programs/shadow.nix
@@ -108,8 +108,9 @@ in
       newgrp.source    = "${pkgs.shadow.out}/bin/newgrp";
       newuidmap.source = "${pkgs.shadow.out}/bin/newuidmap";
       newgidmap.source = "${pkgs.shadow.out}/bin/newgidmap";
-    } // (if config.users.mutableUsers then {
+    } // lib.optionalAttrs config.users.mutableUsers {
+      chsh.source      = "${pkgs.shadow.out}/bin/chsh";
       passwd.source    = "${pkgs.shadow.out}/bin/passwd";
-    } else {});
+    };
   };
 }
author	Aneesh Agrawal <aneeshusa@gmail.com>	2018-08-26 22:33:29 -0700
committer	Aneesh Agrawal <aneeshusa@gmail.com>	2019-04-07 15:12:39 -0700
commit	925b028f1779027d65ef75ecc87563c45805d0c3 (patch)
tree	3ebbec4a29e4a54024baeccea54abc33474d978d /nixos/modules/programs
parent	ca11db894f2a8c91a950d9ec326c3977770b766c (diff)