Sudo: Difference between revisions
m link to usermanagement |
Marked this version for translation Tags: Mobile edit Mobile web edit |
||
| Line 5: | Line 5: | ||
</translate> | </translate> | ||
<translate> | <translate> | ||
<!--T:2--> | |||
== Usage == | == Usage == | ||
Enable sudo-usage for the example user <code>myuser</code>.<syntaxhighlight lang="nix"> | Enable sudo-usage for the example user <code>myuser</code>.<syntaxhighlight lang="nix"> | ||
users.users.myuser.extraGroups = [ "wheel" ]; | users.users.myuser.extraGroups = [ "wheel" ]; | ||
</syntaxhighlight | </syntaxhighlight> | ||
</translate> | </translate> | ||
<translate> | <translate> | ||
Latest revision as of 20:55, 7 October 2025
Sudo allows a system administrator to delegate authority to give certain users - or groups of users - the ability to run commands as root or another user while providing an audit trail of the commands and their arguments.
Usage
Enable sudo-usage for the example user myuser.
users.users.myuser.extraGroups = [ "wheel" ];
Following simple configuration will allow all users which are part of the group wheel to execute commands specified inside extraRules as super user using sudo without the need to supply a user password.
security.sudo = {
enable = true;
extraRules = [{
commands = [
{
command = "${pkgs.systemd}/bin/systemctl suspend";
options = [ "NOPASSWD" ];
}
{
command = "${pkgs.systemd}/bin/reboot";
options = [ "NOPASSWD" ];
}
{
command = "${pkgs.systemd}/bin/poweroff";
options = [ "NOPASSWD" ];
}
];
groups = [ "wheel" ];
}];
extraConfig = with pkgs; ''
Defaults:picloud secure_path="${lib.makeBinPath [
systemd
]}:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin"
'';
};