Sudo: Difference between revisions
imported>Onny mNo edit summary |
m link to usermanagement |
||
| (4 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
[https://www.sudo.ws Sudo] allows a system administrator to delegate authority to give certain users - or groups of users - the ability to run commands as root or another user while providing an audit trail of the commands and their arguments. | <translate> | ||
<!--T:1--> | |||
[https://www.sudo.ws Sudo] allows a system | |||
administrator to delegate authority to give certain [[User management|users]] - or groups of users - the ability to run commands as root or another user while providing an audit trail of the commands and their arguments. | |||
</translate> | |||
<translate> | |||
== Usage == | == Usage == | ||
Enable sudo-usage for the example user <code>myuser</code>.<syntaxhighlight lang="nix"> | |||
users.users.myuser.extraGroups = [ "wheel" ]; | |||
</syntaxhighlight><!--T:2--> | |||
</translate> | |||
<translate> | |||
<!--T:3--> | |||
Following simple configuration will allow all users which are part of the group <code>wheel</code> to execute commands specified inside <code>extraRules</code> as super user using <code>sudo</code> without the need to supply a user password. | Following simple configuration will allow all users which are part of the group <code>wheel</code> to execute commands specified inside <code>extraRules</code> as super user using <code>sudo</code> without the need to supply a user password. | ||
</translate> | |||
<syntaxhighlight lang="nix"> | <syntaxhighlight lang="nix"> | ||
security.sudo = { | security.sudo = { | ||
| Line 25: | Line 34: | ||
groups = [ "wheel" ]; | groups = [ "wheel" ]; | ||
}]; | }]; | ||
extraConfig = with pkgs; '' | |||
Defaults:picloud secure_path="${lib.makeBinPath [ | |||
systemd | |||
]}:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin" | |||
''; | |||
}; | }; | ||
</syntaxhighlight> | </syntaxhighlight> | ||
[[Category:Security]] | [[Category:Security]] | ||
Latest revision as of 06:40, 1 June 2025
Sudo allows a system administrator to delegate authority to give certain users - or groups of users - the ability to run commands as root or another user while providing an audit trail of the commands and their arguments.
Usage
Enable sudo-usage for the example user myuser.
users.users.myuser.extraGroups = [ "wheel" ];
Following simple configuration will allow all users which are part of the group wheel to execute commands specified inside extraRules as super user using sudo without the need to supply a user password.
security.sudo = {
enable = true;
extraRules = [{
commands = [
{
command = "${pkgs.systemd}/bin/systemctl suspend";
options = [ "NOPASSWD" ];
}
{
command = "${pkgs.systemd}/bin/reboot";
options = [ "NOPASSWD" ];
}
{
command = "${pkgs.systemd}/bin/poweroff";
options = [ "NOPASSWD" ];
}
];
groups = [ "wheel" ];
}];
extraConfig = with pkgs; ''
Defaults:picloud secure_path="${lib.makeBinPath [
systemd
]}:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin"
'';
};