Sudo: Difference between revisions

From NixOS Wiki
imported>Onny
Add workaround for NOPASSWD in NixOS 23.11
Unabomberlive (talk | contribs)
Marked this version for translation
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
[https://www.sudo.ws Sudo] allows a system administrator to delegate authority to give certain users - or groups of users - the ability to run commands as root or another user while providing an audit trail of the commands and their arguments.
<translate>
 
<!--T:1-->
== Usage ==
[https://www.sudo.ws Sudo] allows a system  
 
administrator to delegate authority to give certain users - or groups of users - the ability to run commands as root or another user while providing an audit trail of the commands and their arguments.
</translate>
<translate>
== Usage == <!--T:2-->
</translate>
<translate>
<!--T:3-->
Following simple configuration will allow all users which are part of the group <code>wheel</code> to execute commands specified inside <code>extraRules</code> as super user using <code>sudo</code> without the need to supply a user password.
Following simple configuration will allow all users which are part of the group <code>wheel</code> to execute commands specified inside <code>extraRules</code> as super user using <code>sudo</code> without the need to supply a user password.
 
</translate>
<syntaxhighlight lang="nix">
<syntaxhighlight lang="nix">
security.sudo = {
security.sudo = {

Latest revision as of 16:59, 11 August 2024

Sudo allows a system administrator to delegate authority to give certain users - or groups of users - the ability to run commands as root or another user while providing an audit trail of the commands and their arguments.

Usage

Following simple configuration will allow all users which are part of the group wheel to execute commands specified inside extraRules as super user using sudo without the need to supply a user password.

security.sudo = {
  enable = true;
  extraRules = [{
    commands = [
      {
        command = "${pkgs.systemd}/bin/systemctl suspend";
        options = [ "NOPASSWD" ];
      }
      {
        command = "${pkgs.systemd}/bin/reboot";
        options = [ "NOPASSWD" ];
      }
      {
        command = "${pkgs.systemd}/bin/poweroff";
        options = [ "NOPASSWD" ];
      }
    ];
    groups = [ "wheel" ];
  }];
  extraConfig = with pkgs; ''
    Defaults:picloud secure_path="${lib.makeBinPath [
      systemd
    ]}:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin"
  '';
};