Run sudo with -s in the darwin module (#807)
Currently activation is run with `sudo -i` this defaults to the user's login shell. This can lead to problems if the user's shell isn't set properly. By passing `-s` rather than `-i`, `sudo` runs `activate` in `SHELL` instead. We assume that at this point in the activation `SHELL` contains the path to a bash in the nix store. This should always be a valid shell to run the `activate` script with. From the `sudo` manual it seems like this cannot be fixed if `SHELL` isn't set at this point or by passing a command to `-s` because that command is then passed to the user's shell.
This commit is contained in:
parent
9580f6c42a
commit
cf62e96bf7
1 changed files with 1 additions and 1 deletions
|
@ -134,7 +134,7 @@ in
|
||||||
system.activationScripts.postActivation.text =
|
system.activationScripts.postActivation.text =
|
||||||
concatStringsSep "\n" (mapAttrsToList (username: usercfg: ''
|
concatStringsSep "\n" (mapAttrsToList (username: usercfg: ''
|
||||||
echo Activating home-manager configuration for ${username}
|
echo Activating home-manager configuration for ${username}
|
||||||
sudo -u ${username} -i ${pkgs.writeShellScript "activation-${username}" ''
|
sudo -u ${username} -s ${pkgs.writeShellScript "activation-${username}" ''
|
||||||
${lib.optionalString (cfg.backupFileExtension != null)
|
${lib.optionalString (cfg.backupFileExtension != null)
|
||||||
"export HOME_MANAGER_BACKUP_EXT=${lib.escapeShellArg cfg.backupFileExtension}"}
|
"export HOME_MANAGER_BACKUP_EXT=${lib.escapeShellArg cfg.backupFileExtension}"}
|
||||||
${lib.optionalString cfg.verbose "export VERBOSE=1"}
|
${lib.optionalString cfg.verbose "export VERBOSE=1"}
|
||||||
|
|
Loading…
Reference in a new issue