16 lines
525 B
Nix
16 lines
525 B
Nix
|
{ ... }: {
|
|||
|
security.sudo = {
|
|||
|
# Only allow members of the wheel group to execute sudo by setting the
|
|||
|
# executable’s permissions accordingly. This prevents users that are not
|
|||
|
# members of wheel from exploiting vulnerabilities in sudo such as
|
|||
|
# CVE-2021-3156.
|
|||
|
security.sudo.execWheelOnly = true;
|
|||
|
|
|||
|
# With great power comes great responsibility, we get it.. Also means we
|
|||
|
# don't have state in /var/db/sudo/lectured.
|
|||
|
security.sudo.extraConfig = ''
|
|||
|
Defaults lecture = never
|
|||
|
'';
|
|||
|
};
|
|||
|
}
|