From f172118ca43369af548af2d4edecb07890f917e8 Mon Sep 17 00:00:00 2001 From: Andrew Tropin Date: Sun, 6 Feb 2022 08:16:54 +0300 Subject: gnu: linux-pam: Change path to unix_chkpwd helper. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/patches/linux-pam-unix_chkpwd.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/linux.scm (linux-pam): Use it. * gnu/system/pam.scm (pam-root-service-type): Add unix_chkpwd to setuid. Co-authored-by: Ludovic Courtès --- gnu/packages/patches/linux-pam-unix_chkpwd.patch | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 gnu/packages/patches/linux-pam-unix_chkpwd.patch (limited to 'gnu/packages/patches/linux-pam-unix_chkpwd.patch') diff --git a/gnu/packages/patches/linux-pam-unix_chkpwd.patch b/gnu/packages/patches/linux-pam-unix_chkpwd.patch new file mode 100644 index 0000000000..0e865ff18c --- /dev/null +++ b/gnu/packages/patches/linux-pam-unix_chkpwd.patch @@ -0,0 +1,9 @@ +unix_chkpwd is designed to have a suid bit, but it's not possible to set it +for files in the store. This patch tells unix_pam.so to look for +unix_chkpwd in setuid program directory on Guix System. + +--- a/modules/pam_unix/Makefile.in ++++ b/modules/pam_unix/Makefile.in +@@ -651,1 +651,1 @@ +- -DCHKPWD_HELPER=\"$(sbindir)/unix_chkpwd\" \ ++ -DCHKPWD_HELPER=\"/run/setuid-programs/unix_chkpwd\" \ -- cgit v1.2.3