From 018573b7579b4212d7001bf6f0e9b31e1bdadb14 Mon Sep 17 00:00:00 2001
From: Maximilian Bosch
Date: Wed, 10 Oct 2018 01:20:42 +0200
Subject: [PATCH] nixos/weechat: add setuid wrapper for `screen' to ensure true multiuser capabilities Previously you either had to set the setuid bit yourself or workaround `isSystemUser = true` (for a loginable shell) to access the weechat screen. `programs.screen` shouldn't do this by default to avoid taking too much assumptions about the setup, however `services.weechat` explicitly requires tihs. See #45728
---
 nixos/modules/services/misc/weechat.nix | 4 +++-
 nixos/modules/services/misc/weechat.xml | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/nixos/modules/services/misc/weechat.nix b/nixos/modules/services/misc/weechat.nix
index 1fcfb440485d..c6ff540ea12f 100644
--- a/nixos/modules/services/misc/weechat.nix
+++ b/nixos/modules/services/misc/weechat.nix
@@ -46,10 +46,12 @@ in
 Group = "weechat";
 RemainAfterExit = "yes";
 };
- script = "exec ${pkgs.screen}/bin/screen -Dm -S ${cfg.sessionName} ${cfg.binary}";
+ script = "exec ${config.security.wrapperDir}/screen -Dm -S ${cfg.sessionName} ${cfg.binary}";
 wantedBy = [ "multi-user.target" ];
 wants = [ "network.target" ];
 };
+
+ security.wrappers.screen.source = "${pkgs.screen}/bin/screen";
 };
 meta.doc = ./weechat.xml;
diff --git a/nixos/modules/services/misc/weechat.xml b/nixos/modules/services/misc/weechat.xml
index 9c9ee0448c92..b7f755bbc5c7 100644
--- a/nixos/modules/services/misc/weechat.xml
+++ b/nixos/modules/services/misc/weechat.xml
@@ -54,7 +54,7 @@ Now, the session can be re-attached like this:
-screen -r weechat-screen
+screen -x weechat/weechat-screen
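Review bot: In the weechat.nix hunk, the added `security.wrappers.screen.source` line gives every local user a setuid `screen` (per the commit title) as soon as `services.weechat` is enabled, and neither a comment nor an explicit owner/permission setting makes that visible. Only `source` is set, so the owner and the setuid bit presumably come from the wrappers module defaults; spelling them out, e.g. `security.wrappers.screen = { source = "${pkgs.screen}/bin/screen"; owner = "root"; setuid = true; };`, keeps the privilege visible where it is granted. I would also add a comment above it such as `# setuid screen is required for multiuser attach (screen -x weechat/<session>); the wrapper is executable by all local users`, and consider narrowing who may run it through the wrapper's `group` and `permissions` options. The enclosing `config` block starts outside the hunk, so any existing restriction there is not visible from here.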