
Sudo: Difference between revisions

From NixOS Wiki
Unabomberlive (talk | contribs)
Marked this version for translation
Pigs (talk | contribs)
m link to usermanagement
 
(One intermediate revision by one other user not shown)
Line 2: Line 2:
<!--T:1-->
<!--T:1-->
[https://www.sudo.ws Sudo] allows a system  
[https://www.sudo.ws Sudo] allows a system  
administrator to delegate authority to give certain users - or groups of users - the ability to run commands as root or another user while providing an audit trail of the commands and their arguments.
administrator to delegate authority to give certain [[User management|users]] - or groups of users - the ability to run commands as root or another user while providing an audit trail of the commands and their arguments.
</translate>
</translate>
<translate>
<translate>
== Usage == <!--T:2-->
== Usage ==
Enable sudo-usage for the example user <code>myuser</code>.<syntaxhighlight lang="nix">
users.users.myuser.extraGroups = [ "wheel" ];
</syntaxhighlight><!--T:2-->
</translate>
</translate>
<translate>
<translate>
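Review bot: the added sentence "Enable sudo-usage for the example user myuser" does not say what the snippet under it grants; the only visible change is extraGroups = [ "wheel" ]. Suggest saying explicitly that sudo access comes from membership in the wheel group and which commands that membership covers, since readers will copy the line as-is. Separately, the T:2 marker that sat on the "== Usage ==" heading now trails the closing syntaxhighlight tag, so check that the heading and the new sentence land in the intended translation units and that the Nix snippet is not offered to translators.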

Latest revision as of 06:40, 1 June 2025

Sudo allows a system administrator to delegate authority to give certain users - or groups of users - the ability to run commands as root or another user while providing an audit trail of the commands and their arguments.

Usage

Enable sudo usage for the example user myuser by adding it to the wheel group:

<syntaxhighlight lang="nix">
users.users.myuser.extraGroups = [ "wheel" ];
</syntaxhighlight>

The following simple configuration allows all users in the group wheel to run the commands specified in extraRules as superuser via sudo without supplying a user password.

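<syntaxhighlight lang="nix">
security.sudo = {
  enable = true;
  extraRules = [{
    # Each entry is one sudoers command; NOPASSWD skips the password prompt for it.
    commands = [
      {
        command = "${pkgs.systemd}/bin/systemctl suspend";
        options = [ "NOPASSWD" ];
      }
      {
        command = "${pkgs.systemd}/bin/reboot";
        options = [ "NOPASSWD" ];
      }
      {
        command = "${pkgs.systemd}/bin/poweroff";
        options = [ "NOPASSWD" ];
      }
    ];
    # The rule applies to members of the wheel group.
    groups = [ "wheel" ];
  }];
  # Defaults:picloud applies secure_path to the user named picloud only;
  # substitute the user name this setting should apply to.
  extraConfig = with pkgs; ''
    Defaults:picloud secure_path="${lib.makeBinPath [
      systemd
    ]}:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin"
  '';
};
</syntaxhighlight>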
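An added example (not from the wiki page or the NixOS project): a small Python audit that lists every NOPASSWD command in a rendered sudoers file and reports how sudo matches its arguments; it goes slightly beyond the page by also covering the `""` and wildcard forms. The sample rules, the `<hash>` store path and the `%ops` group are constructed, and the one-rule-per-line layout is an assumption about the generated file.

```python
import re

# Constructed sample; assumed layout: one rule per line. <hash> is a placeholder.
S = "/nix/store/<hash>-systemd/bin"
SAMPLE = f"""\
root ALL=(ALL:ALL) SETENV: ALL
%wheel ALL=(ALL:ALL) SETENV: ALL
%wheel ALL=(ALL:ALL) NOPASSWD: {S}/systemctl suspend, NOPASSWD: {S}/reboot, NOPASSWD: {S}/poweroff
%ops ALL=(root) NOPASSWD: {S}/poweroff "", PASSWD: {S}/systemctl restart *
"""

RULE = re.compile(r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*(?:\([^)]*\)\s*)?(?P<cmds>.+)$")
TAG = re.compile(r"^([A-Z_]+):\s*")

def classify(cmd):
    """Describe how sudoers matches the arguments of one command entry."""
    path, _, args = cmd.partition(" ")
    if path == "ALL":
        return "all-commands"
    if re.search(r"[*?\[]", cmd):
        return "wildcard"
    if args.strip() == '""':
        return "no-args"          # may only be run without arguments
    return "exact-args" if args.strip() else "any-args"

def nopasswd_commands(sudoers_text):
    """Return (who, command, class) for each command runnable without a password."""
    found = []
    for line in sudoers_text.splitlines():
        line = line.strip()
        m = RULE.match(line)
        if not m or line.startswith(("#", "Defaults")):
            continue
        nopasswd = False          # a tag carries over to later commands in the list
        for item in re.split(r"(?<!\\),", m["cmds"]):
            item = item.strip()
            while (t := TAG.match(item)):
                if t[1] in ("NOPASSWD", "PASSWD"):
                    nopasswd = t[1] == "NOPASSWD"
                item = item[t.end():]
            if nopasswd:
                found.append((m["who"], item, classify(item)))
    return found

if __name__ == "__main__":
    for who, cmd, kind in nopasswd_commands(SAMPLE):
        print(f"{who:8} {kind:12} {cmd}")
```

For rules shaped like the ones above, `systemctl suspend` is matched with exactly that argument, while `reboot` and `poweroff` are listed without arguments, which sudoers treats as accepting any arguments. Appending `""` to a command restricts it to being run with no arguments at all.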