Sudo: Difference between revisions

From NixOS Wiki
imported>Onny
Initial page
 
Unabomberlive (talk | contribs)
Marked this version for translation
 
(3 intermediate revisions by 2 users not shown)
Line 1: Line 1:
[https://www.sudo.ws/sudo Sudo] allows a system administrator to delegate authority to give certain users - or groups of users - the ability to run commands as root or another user while providing an audit trail of the commands and their arguments.
<translate>
 
<!--T:1-->
== Usage ==
[https://www.sudo.ws Sudo] allows a system  
 
administrator to delegate authority to give certain users - or groups of users - the ability to run commands as root or another user while providing an audit trail of the commands and their arguments.
</translate>
<translate>
== Usage == <!--T:2-->
</translate>
<translate>
<!--T:3-->
Following simple configuration will allow all users which are part of the group <code>wheel</code> to execute commands specified inside <code>extraRules</code> as super user using <code>sudo</code> without the need to supply a user password.
Following simple configuration will allow all users which are part of the group <code>wheel</code> to execute commands specified inside <code>extraRules</code> as super user using <code>sudo</code> without the need to supply a user password.
 
</translate>
<syntaxhighlight lang="nix">
<syntaxhighlight lang="nix">
security.sudo = {
security.sudo = {
Line 25: Line 31:
     groups = [ "wheel" ];
     groups = [ "wheel" ];
   }];
   }];
  extraConfig = with pkgs; ''
    Defaults:picloud secure_path="${lib.makeBinPath [
      systemd
    ]}:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin"
  '';
};
};
</syntaxhighlight>
</syntaxhighlight>


[[Category:Security]]
[[Category:Security]]

Latest revision as of 16:59, 11 August 2024

Sudo allows a system administrator to delegate authority to give certain users - or groups of users - the ability to run commands as root or another user while providing an audit trail of the commands and their arguments.

Usage

Following simple configuration will allow all users which are part of the group wheel to execute commands specified inside extraRules as super user using sudo without the need to supply a user password.

security.sudo = {
  enable = true;
  extraRules = [{
    commands = [
      {
        command = "${pkgs.systemd}/bin/systemctl suspend";
        options = [ "NOPASSWD" ];
      }
      {
        command = "${pkgs.systemd}/bin/reboot";
        options = [ "NOPASSWD" ];
      }
      {
        command = "${pkgs.systemd}/bin/poweroff";
        options = [ "NOPASSWD" ];
      }
    ];
    groups = [ "wheel" ];
  }];
  extraConfig = with pkgs; ''
    Defaults:picloud secure_path="${lib.makeBinPath [
      systemd
    ]}:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin"
  '';
};