nixos/modules/base/sudo.nix

{...}: {
  security.sudo = {
    # Only allow members of the wheel group to execute sudo by setting the
    # executable's permissions accordingly. This prevents users that are not
    # members of wheel from exploiting vulnerabilities in sudo such as
    # CVE-2021-3156.
    execWheelOnly = true;

    # With great power comes great responsibility, we get it.. Also means we
    # don't have state in /var/db/sudo/lectured.
    extraConfig = ''
      Defaults lecture = never
    '';
  };
}
Alejandra 💅 2024-03-05 22:57:41 +01:00			`{...}: {`
srvos 2024-03-05 22:17:26 +01:00			`security.sudo = {`
			`# Only allow members of the wheel group to execute sudo by setting the`
fix sudo 2024-03-06 21:37:39 +01:00			`# executable's permissions accordingly. This prevents users that are not`
srvos 2024-03-05 22:17:26 +01:00			`# members of wheel from exploiting vulnerabilities in sudo such as`
			`# CVE-2021-3156.`
fix sudo 2024-03-06 21:37:39 +01:00			`execWheelOnly = true;`
srvos 2024-03-05 22:17:26 +01:00
			`# With great power comes great responsibility, we get it.. Also means we`
			`# don't have state in /var/db/sudo/lectured.`
fix sudo 2024-03-06 21:37:39 +01:00			`extraConfig = ''`
srvos 2024-03-05 22:17:26 +01:00			`Defaults lecture = never`
			`'';`
			`};`
			`}`