Jump to content

Sudo/zh: Difference between revisions

From NixOS Wiki
Newer edit →
VisualWikitext
Ardenet (talk | contribs)
1,404 edits
Created page with "[https://www.sudo.ws Sudo] 允许系统管理员委托权限,授予某些用户(或用户组)以 root 或其他用户身份运行命令的能力,同时提供命令及其参数的审计跟踪。"
 
Ardenet (talk | contribs)
1,404 edits
Created page with "通过简单的配置,将允许属于 <code>wheel</code> 组的所有用户以超级用户身份且无需提供该用户的密码使用 <code>sudo</code> 执行 <code>extraRules</code> 中指定的命令。"
Tags: Mobile edit Mobile web edit
Line 6: Line 6:
</syntaxhighlight>
</syntaxhighlight>
</div>
</div>
<div lang="en" dir="ltr" class="mw-content-ltr">
通过简单的配置,将允许属于 <code>wheel</code> 组的所有用户以超级用户身份且无需提供该用户的密码使用 <code>sudo</code> 执行 <code>extraRules</code> 中指定的命令。
Following simple configuration will allow all users which are part of the group <code>wheel</code> to execute commands specified inside <code>extraRules</code> as super user using <code>sudo</code> without the need to supply a user password.
</div>
<syntaxhighlight lang="nix">
<syntaxhighlight lang="nix">
security.sudo = {
security.sudo = {

Revision as of 11:13, 8 October 2025

Sudo 允许系统管理员委托权限,授予某些用户(或用户组)以 root 或其他用户身份运行命令的能力,同时提供命令及其参数的审计跟踪。

Usage

Enable sudo-usage for the example user myuser.
users.users.myuser.extraGroups = [ "wheel" ];

通过简单的配置,将允许属于 wheel 组的所有用户以超级用户身份且无需提供该用户的密码使用 sudo 执行 extraRules 中指定的命令。 

security.sudo = {
  enable = true;
  extraRules = [{
    commands = [
      {
        command = "${pkgs.systemd}/bin/systemctl suspend";
        options = [ "NOPASSWD" ];
      }
      {
        command = "${pkgs.systemd}/bin/reboot";
        options = [ "NOPASSWD" ];
      }
      {
        command = "${pkgs.systemd}/bin/poweroff";
        options = [ "NOPASSWD" ];
      }
    ];
    groups = [ "wheel" ];
  }];
  extraConfig = with pkgs; ''
    Defaults:picloud secure_path="${lib.makeBinPath [
      systemd
    ]}:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin"
  '';
};
Retrieved from "https://wiki.nixos.org/w/index.php?title=Sudo/zh&oldid=27508"