motiejus/config
1
Fork 0
Code Packages Releases Activity

system users: use /bin/sh

Browse Source 
Just learned about "bash security issue" when reading about rrsync.
This commit is contained in:
Motiejus Jakštys 2023-09-23 22:46:14 +03:00
parent 3b1d1b439f
commit 70e5230611
4 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
modules/services/borgstor/default.nix
View File

@ -16,7 +16,7 @@
users.users.borgstor = { users.users.borgstor = {
description = "Borg Storage"; description = "Borg Storage";
home = dataDir; home = dataDir;
useDefaultShell = true; shell = "/bin/sh";
group = "borgstor"; group = "borgstor";
isSystemUser = true; isSystemUser = true;
createHome = false; createHome = false;

4
modules/services/deployerbot/default.nix
View File

@ -53,7 +53,7 @@ in {
users.users.deployerbot-main = { users.users.deployerbot-main = {
description = "Deployerbot Main"; description = "Deployerbot Main";
home = "/var/lib/deployerbot-main"; home = "/var/lib/deployerbot-main";
useDefaultShell = true; shell = "/bin/sh";
group = "deployerbot-main"; group = "deployerbot-main";
isSystemUser = true; isSystemUser = true;
createHome = true; createHome = true;
@ -122,7 +122,7 @@ in {
deployerbot-follower = { deployerbot-follower = {
description = "Deployerbot Follower"; description = "Deployerbot Follower";
home = "/var/lib/deployerbot-follower"; home = "/var/lib/deployerbot-follower";
useDefaultShell = true; shell = "/bin/sh";
group = "deployerbot-follower"; group = "deployerbot-follower";
extraGroups = ["wheel"]; extraGroups = ["wheel"];
isSystemUser = true; isSystemUser = true;

2
modules/services/gitea/default.nix
View File

@ -13,7 +13,7 @@
users.git = { users.git = {
description = "Gitea Service"; description = "Gitea Service";
home = "/var/lib/gitea"; home = "/var/lib/gitea";
useDefaultShell = true; shell = "/bin/sh";
group = "gitea"; group = "gitea";
isSystemUser = true; isSystemUser = true;
uid = myData.uidgid.gitea; uid = myData.uidgid.gitea;

2
modules/services/jakstpub/default.nix
View File

@ -77,7 +77,7 @@ in {
users.users.jakstpub = { users.users.jakstpub = {
description = "Jakstys Public"; description = "Jakstys Public";
home = "/var/empty"; home = "/var/empty";
useDefaultShell = true; shell = "/bin/sh";
group = "jakstpub"; group = "jakstpub";
isSystemUser = true; isSystemUser = true;
createHome = false; createHome = false;