qbit/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/nextcloud: Remove --preserve-env in sudo

Browse Source 
This helps supporting sudo-rs, which currently does not implement the
--preserve-env flag and probably won't so in the foreseeable future [1].

The replacement just sets both environment variables behind the sudo
invocation with env, as sudo-rs also doesn't implement env var lists.

The OC_PASS variable is dropped, as it is seemingly unused and would
leak through this approach through /proc.

[1] https://github.com/memorysafety/sudo-rs/issues/129
This commit is contained in:
Mynacol 2024-06-22 15:56:27 +02:00
parent cfdae65b07
commit af072cfb55
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
nixos/modules/services/web-apps/nextcloud.nix
View File

@ -91,10 +91,10 @@ let
cd ${webroot} cd ${webroot}
sudo=exec sudo=exec
if [[ "$USER" != nextcloud ]]; then if [[ "$USER" != nextcloud ]]; then
sudo='exec /run/wrappers/bin/sudo -u nextcloud --preserve-env=NEXTCLOUD_CONFIG_DIR --preserve-env=OC_PASS' sudo='exec /run/wrappers/bin/sudo -u nextcloud'
fi fi
export NEXTCLOUD_CONFIG_DIR="${datadir}/config" $sudo ${pkgs.coreutils}/bin/env \
$sudo \ NEXTCLOUD_CONFIG_DIR="${datadir}/config" \
${phpCli} \ ${phpCli} \
occ "$@" occ "$@"
''; '';