Sudo: Difference between revisions
mNo edit summary |
m link to usermanagement |
||
| (2 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
<translate> | <translate> | ||
<!--T:1--> | |||
[https://www.sudo.ws Sudo] allows a system | [https://www.sudo.ws Sudo] allows a system | ||
administrator to delegate authority to give certain users - or groups of users - the ability to run commands as root or another user while providing an audit trail of the commands and their arguments. | administrator to delegate authority to give certain [[User management|users]] - or groups of users - the ability to run commands as root or another user while providing an audit trail of the commands and their arguments. | ||
</translate> | </translate> | ||
<translate> | <translate> | ||
== Usage == | == Usage == | ||
Enable sudo-usage for the example user <code>myuser</code>.<syntaxhighlight lang="nix"> | |||
users.users.myuser.extraGroups = [ "wheel" ]; | |||
</syntaxhighlight><!--T:2--> | |||
</translate> | </translate> | ||
<translate> | <translate> | ||
<!--T:3--> | |||
Following simple configuration will allow all users which are part of the group <code>wheel</code> to execute commands specified inside <code>extraRules</code> as super user using <code>sudo</code> without the need to supply a user password. | Following simple configuration will allow all users which are part of the group <code>wheel</code> to execute commands specified inside <code>extraRules</code> as super user using <code>sudo</code> without the need to supply a user password. | ||
</translate> | </translate> | ||
Latest revision as of 06:40, 1 June 2025
Sudo allows a system administrator to delegate authority to give certain users - or groups of users - the ability to run commands as root or another user while providing an audit trail of the commands and their arguments.
Usage
Enable sudo-usage for the example user myuser.
users.users.myuser.extraGroups = [ "wheel" ];
Following simple configuration will allow all users which are part of the group wheel to execute commands specified inside extraRules as super user using sudo without the need to supply a user password.
security.sudo = {
enable = true;
extraRules = [{
commands = [
{
command = "${pkgs.systemd}/bin/systemctl suspend";
options = [ "NOPASSWD" ];
}
{
command = "${pkgs.systemd}/bin/reboot";
options = [ "NOPASSWD" ];
}
{
command = "${pkgs.systemd}/bin/poweroff";
options = [ "NOPASSWD" ];
}
];
groups = [ "wheel" ];
}];
extraConfig = with pkgs; ''
Defaults:picloud secure_path="${lib.makeBinPath [
systemd
]}:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin"
'';
};