nix-community/srvos
1
1
Fork 0
mirror of https://github.com/nix-community/srvos.git synced 2024-08-17 01:40:26 +03:00
Code Issues Packages Projects Releases Wiki Activity

sudo: drop explicit sudo enable (#304)

Browse Source 
This makes it harder to replace sudo with sudo-rs
This commit is contained in:
Jörg Thalheim 2023-11-12 11:27:36 +01:00 committed by GitHub
parent a0d29fdb2f
commit 533a8681bb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 0 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nixos/common/sudo.nix
View File

@ -1,6 +1,4 @@
{
# Allow sudo from the @wheel group
security.sudo.enable = true;
# Only allow members of the wheel group to execute sudo by setting the executables permissions accordingly. This prevents users that are not members of wheel from exploiting vulnerabilities in sudo such as CVE-2021-3156.
security.sudo.execWheelOnly = true;
# Don't lecture the user. Less mutable state.