From 4fd1aaaf8d1f4656f02d7868dcd6e7b297bb5cfe Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 3 Nov 2023 18:03:49 +0100 Subject: exim: use upstream security wrappers --- krebs/3modules/exim.nix | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'krebs') diff --git a/krebs/3modules/exim.nix b/krebs/3modules/exim.nix index 917a8e5a4..583fd07b1 100644 --- a/krebs/3modules/exim.nix +++ b/krebs/3modules/exim.nix @@ -50,14 +50,18 @@ in { ''; systemPackages = [ pkgs.exim ]; }; - krebs.setuid = { + security.wrappers = { exim = { - filename = "${pkgs.exim}/bin/exim"; - mode = "4111"; + source = "${pkgs.exim}/bin/exim"; + owner = "root"; + group = "root"; + setuid = true; }; sendmail = { - filename = "${pkgs.exim}/bin/exim"; - mode = "4111"; + source = "${pkgs.exim}/bin/exim"; + owner = "root"; + group = "root"; + setuid = true; }; }; systemd.services.exim = { -- cgit v1.2.3