nixos/sudo: default rule should be first

In /etc/sudoers, the last-matched rule will override all
previously-matched rules. Thus, make the default rule show up first (but
still allow some wiggle room for a user to `mkBefore` it), before any
user-defined rules.
Cole Helbling 2020-05-10 21:49:52 -07:00
parent 02ff18c796
commit 13e2c75c93
No known key found for this signature in database
GPG Key ID: B37E0F2371016A4C


@ -173,7 +173,9 @@ in
config = mkIf cfg.enable {
security.sudo.extraRules = [
# We `mkOrder 600` so that the default rule shows up first, but there is
# still enough room for a user to `mkBefore` it.
security.sudo.extraRules = mkOrder 600 [
{ groups = [ "wheel" ];
commands = [ { command = "ALL"; options = (if cfg.wheelNeedsPassword then [ "SETENV" ] else [ "NOPASSWD" "SETENV" ]); } ];
}
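Review bot: the comment above `security.sudo.extraRules = mkOrder 600 [` justifies the number only by reference to `mkBefore` and never states the precedence that results, which is the security-relevant part. Because sudoers is last-match-wins, a rule a user adds without an explicit order is now placed after the wheel rule and overrides it for any wheel member it matches, while a rule added with `mkBefore` is placed ahead of the wheel rule and is overridden by it. With `cfg.wheelNeedsPassword` set to false, that decides whether the `NOPASSWD` entry or the user's rule is the effective one. I'd suggest spelling out the orders in the comment (`mkBefore` is `mkOrder 500`, unordered definitions sort at 1000) and describing the resulting precedence in the `extraRules` option documentation, since configurations where the wheel rule used to sort after a user rule may change behaviour.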