tv ff: use abspath to sudo

tv 2016-05-25 11:29:20 +02:00
parent 6370d2c2e2
commit 8ec65b04dc
2 changed files with 8 additions and 4 deletions


@ -18,7 +18,7 @@ in {
pkgs.xlibs.fontschumachermisc pkgs.xlibs.fontschumachermisc
]; ];
# TODO dedicated group, i.e. with a single user # TODO dedicated group, i.e. with a single user [per-user-setuid]
# TODO krebs.setuid.slock.path vs /var/setuid-wrappers # TODO krebs.setuid.slock.path vs /var/setuid-wrappers
krebs.setuid.slock = { krebs.setuid.slock = {
filename = "${pkgs.slock}/bin/slock"; filename = "${pkgs.slock}/bin/slock";


@ -1,8 +1,12 @@
{ pkgs, ... }: { pkgs, ... }:
pkgs.writeScriptBin "ff" '' # TODO use krebs.setuid
#! ${pkgs.bash}/bin/bash # This requires that we can create setuid executables that can only be accessed
exec sudo -u ff -i <<EOF # by a single user. [per-user-setuid]
# using bash for %q
pkgs.writeBashBin "ff" ''
exec /var/setuid-wrappers/sudo -u ff -i <<EOF
exec ${pkgs.firefoxWrapper}/bin/firefox $(printf " %q" "$@") exec ${pkgs.firefoxWrapper}/bin/firefox $(printf " %q" "$@")
EOF EOF
'' ''
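Review bot: The added comment `# using bash for %q` accounts only for the outer script, but the words produced by `printf " %q" "$@"` are parsed a second time by whatever login shell `sudo -u ff -i` starts for ff, and that shell is not visible in this section. If it is not bash, the `$'…'` forms that %q emits for control characters would not decode back to the original argument, so I would extend the comment to `# using bash for %q; ff's login shell must be bash too, it re-parses the quoted words`. Separately, with no arguments `printf " %q" "$@"` still prints `''`, so firefox appears to receive one empty argument; `$( (( $# )) && printf " %q" "$@")` would avoid that.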