author | tv <tv@krebsco.de> | 2016-05-25 03:03:21 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2016-05-25 03:03:21 +0200 |
commit | cfd5771961b7a6969e888503aa20c842d94c5bc7 (patch) | |
tree | 62d96b8ec5465a823506715194df45b4d42d8657 /tv/2configs/xserver | |
parent | 4cc0217943787f7cd4d07f945ab084face42e8d1 (diff) |
tv slock: user krebs.setuid
Diffstat (limited to 'tv/2configs/xserver')
-rw-r--r-- | tv/2configs/xserver/default.nix | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/tv/2configs/xserver/default.nix b/tv/2configs/xserver/default.nix index a6a8205..b5b1167 100644 --- a/tv/2configs/xserver/default.nix +++ b/tv/2configs/xserver/default.nix @@ -37,15 +37,21 @@ let pkgs.ff pkgs.gitAndTools.qgit pkgs.mpv - pkgs.slock pkgs.sxiv pkgs.xsel pkgs.zathura ]; - security.setuidPrograms = [ - "slock" - ]; + # TODO dedicated group, i.e. with a single user + # TODO krebs.setuid.slock.path vs /var/setuid-wrappers + krebs.setuid.slock = { + filename = "${pkgs.slock}/bin/slock"; + group = "wheel"; + envp = { + DISPLAY = ":${toString config.services.xserver.display}"; + USER = user.name; + }; + }; systemd.services.display-manager.enable = false; |
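Review bot: The `envp` block in `krebs.setuid.slock` pins `DISPLAY` and `USER` with no comment saying why, and the wrapper's owner and permission bits are left to the module's defaults, which this diff does not show. If `krebs.setuid` replaces the caller's environment with `envp` (an assumption, since the module is outside this hunk), that is the security-relevant property and should be recorded above the block, e.g. `# envp is the wrapper's entire environment; callers cannot choose DISPLAY or USER`. Stating the intended owner and permission bits next to `group = "wheel";` would let a reader check who may execute the wrapper without opening the module, at least until the dedicated-group TODO is resolved. `toString config.services.xserver.display` evaluates to an empty string if the option is null (it is nullable in nixpkgs, as far as I know), which would give `DISPLAY = ":"`, so a guard or assertion on that value is worth adding. The enclosing `let` binding starts and ends outside the hunk.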