gnu: linux-pam: Change path to unix_chkpwd helper.

* gnu/packages/patches/linux-pam-unix_chkpwd.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/linux.scm (linux-pam): Use it. * gnu/system/pam.scm (pam-root-service-type): Add unix_chkpwd to setuid. Co-authored-by: Ludovic Courtès <ludo@gnu.org>
author: Andrew Tropin <andrew@trop.in> 2022-02-06 08:16:54 +0300
committer: Ludovic Courtès <ludo@gnu.org> 2022-02-10 23:37:10 +0100
commit: f172118ca43369af548af2d4edecb07890f917e8 (patch)
tree: ff0d3ebcd9040682cd6a5529cb392c3b373e2146 /gnu/packages/patches/linux-pam-unix_chkpwd.patch
parent: b31ef5638bad5c06e6289931eaa0ab7feda908db (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/gnu/packages/patches/linux-pam-unix_chkpwd.patch b/gnu/packages/patches/linux-pam-unix_chkpwd.patch
new file mode 100644
index 0000000000..0e865ff18c
--- /dev/null
+++ b/gnu/packages/patches/linux-pam-unix_chkpwd.patch
@@ -0,0 +1,9 @@
+unix_chkpwd is designed to have a suid bit, but it's not possible to set it
+for files in the store.  This patch tells unix_pam.so to look for
+unix_chkpwd in setuid program directory on Guix System.
+
+--- a/modules/pam_unix/Makefile.in
++++ b/modules/pam_unix/Makefile.in
+@@ -651,1 +651,1 @@
+-	-DCHKPWD_HELPER=\"$(sbindir)/unix_chkpwd\" \
++	-DCHKPWD_HELPER=\"/run/setuid-programs/unix_chkpwd\" \
author	Andrew Tropin <andrew@trop.in>	2022-02-06 08:16:54 +0300
committer	Ludovic Courtès <ludo@gnu.org>	2022-02-10 23:37:10 +0100
commit	f172118ca43369af548af2d4edecb07890f917e8 (patch)
tree	ff0d3ebcd9040682cd6a5529cb392c3b373e2146 /gnu/packages/patches/linux-pam-unix_chkpwd.patch
parent	b31ef5638bad5c06e6289931eaa0ab7feda908db (diff)