Sudo: Difference between revisions
imported>Onny Initial page |
Marked this version for translation |
||
(3 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
[https://www.sudo.ws | <translate> | ||
<!--T:1--> | |||
== Usage == | [https://www.sudo.ws Sudo] allows a system | ||
administrator to delegate authority to give certain users - or groups of users - the ability to run commands as root or another user while providing an audit trail of the commands and their arguments. | |||
</translate> | |||
<translate> | |||
== Usage == <!--T:2--> | |||
</translate> | |||
<translate> | |||
<!--T:3--> | |||
Following simple configuration will allow all users which are part of the group <code>wheel</code> to execute commands specified inside <code>extraRules</code> as super user using <code>sudo</code> without the need to supply a user password. | Following simple configuration will allow all users which are part of the group <code>wheel</code> to execute commands specified inside <code>extraRules</code> as super user using <code>sudo</code> without the need to supply a user password. | ||
</translate> | |||
<syntaxhighlight lang="nix"> | <syntaxhighlight lang="nix"> | ||
security.sudo = { | security.sudo = { | ||
Line 25: | Line 31: | ||
groups = [ "wheel" ]; | groups = [ "wheel" ]; | ||
}]; | }]; | ||
extraConfig = with pkgs; '' | |||
Defaults:picloud secure_path="${lib.makeBinPath [ | |||
systemd | |||
]}:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin" | |||
''; | |||
}; | }; | ||
</syntaxhighlight> | </syntaxhighlight> | ||
[[Category:Security]] | [[Category:Security]] |
Latest revision as of 16:59, 11 August 2024
Sudo allows a system administrator to delegate authority to give certain users - or groups of users - the ability to run commands as root or another user while providing an audit trail of the commands and their arguments.
Usage
Following simple configuration will allow all users which are part of the group wheel
to execute commands specified inside extraRules
as super user using sudo
without the need to supply a user password.
security.sudo = {
enable = true;
extraRules = [{
commands = [
{
command = "${pkgs.systemd}/bin/systemctl suspend";
options = [ "NOPASSWD" ];
}
{
command = "${pkgs.systemd}/bin/reboot";
options = [ "NOPASSWD" ];
}
{
command = "${pkgs.systemd}/bin/poweroff";
options = [ "NOPASSWD" ];
}
];
groups = [ "wheel" ];
}];
extraConfig = with pkgs; ''
Defaults:picloud secure_path="${lib.makeBinPath [
systemd
]}:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin"
'';
};