Setting umask inside login.defs alone doesn't seem to work
This commit is contained in:
parent
c9b187b911
commit
ea91d14dda
|
@ -65,6 +65,7 @@
|
|||
pulumiPackages.pulumi-language-go
|
||||
pulumiPackages.pulumi-language-nodejs
|
||||
purescript
|
||||
python3
|
||||
reuse
|
||||
rsync
|
||||
s5cmd
|
||||
|
|
|
@ -9,8 +9,19 @@ in
|
|||
# I don't use GNU's info
|
||||
documentation.info.enable = false;
|
||||
|
||||
# Be more private with newly created files
|
||||
# Set a more restricted umask globally. See pam_umask(8).
|
||||
# NOTE: login.defs file is used here since it has the lowest priority considered by pam_umask
|
||||
security.loginDefs.settings.UMASK = "027";
|
||||
security.pam.services =
|
||||
let
|
||||
text = ''
|
||||
session optional pam_umask.so
|
||||
'';
|
||||
in
|
||||
{
|
||||
login.text = lib.mkDefault text;
|
||||
systemd-user.text = lib.mkDefault text;
|
||||
};
|
||||
|
||||
# Just expose everything possible so shell completion works
|
||||
environment.pathsToLink = [
|
||||
|
|
Loading…
Reference in New Issue