sudo: allow adding extra configuration options to the bottom of sudoers
from sudoers (5): When multiple entries match for a user, they are applied in order. Where there are multiple matches, the last match is used (which is not necessarily the most specific match).
This commit is contained in:
Mathijs Kwik
parent
53614cf1a7
commit
f356cee747
@ -46,6 +46,14 @@ in
|
|||||||
<filename>sudoers</filename> file.
|
<filename>sudoers</filename> file.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
security.sudo.extraConfig = mkOption {
|
||||||
|
type = types.lines;
|
||||||
|
default = "";
|
||||||
|
description = ''
|
||||||
|
Extra configuration text appended to <filename>sudoers</filename>.
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
@ -55,7 +63,8 @@ in
|
|||||||
|
|
||||||
security.sudo.configFile =
|
security.sudo.configFile =
|
||||||
''
|
''
|
||||||
# Don't edit this file. Set the NixOS option ‘security.sudo.configFile’ instead.
|
# Don't edit this file. Set the NixOS options ‘security.sudo.configFile’
|
||||||
|
# and security.sudo.extraConfig instead.
|
||||||
|
|
||||||
# Environment variables to keep for root and %wheel.
|
# Environment variables to keep for root and %wheel.
|
||||||
Defaults:root,%wheel env_keep+=TERMINFO_DIRS
|
Defaults:root,%wheel env_keep+=TERMINFO_DIRS
|
||||||
@ -69,6 +78,7 @@ in
|
|||||||
|
|
||||||
# Users in the "wheel" group can do anything.
|
# Users in the "wheel" group can do anything.
|
||||||
%wheel ALL=(ALL) ${if cfg.wheelNeedsPassword then "" else "NOPASSWD: ALL, "}SETENV: ALL
|
%wheel ALL=(ALL) ${if cfg.wheelNeedsPassword then "" else "NOPASSWD: ALL, "}SETENV: ALL
|
||||||
|
${cfg.extraConfig}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
security.setuidPrograms = [ "sudo" "sudoedit" ];
|
security.setuidPrograms = [ "sudo" "sudoedit" ];
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user