caspervk/nixos
1
0
Fork 0
Code Actions Activity

fix sudo

Browse source
This commit is contained in:
Casper V. Kristensen 2024-03-06 21:37:39 +01:00
parent a3d6af5b62
commit e075c35813
2 changed files with 4 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
modules/base/default.nix
View file

@ -13,6 +13,7 @@
./packages.nix ./packages.nix
./ripgrep.nix ./ripgrep.nix
./ssh.nix ./ssh.nix
./sudo.nix
./users.nix ./users.nix
./vim ./vim
]; ];

6
modules/base/sudo.nix
View file

@ -1,14 +1,14 @@
{...}: { {...}: {
security.sudo = { security.sudo = {
# Only allow members of the wheel group to execute sudo by setting the # Only allow members of the wheel group to execute sudo by setting the
# executables permissions accordingly. This prevents users that are not # executable's permissions accordingly. This prevents users that are not
# members of wheel from exploiting vulnerabilities in sudo such as # members of wheel from exploiting vulnerabilities in sudo such as
# CVE-2021-3156. # CVE-2021-3156.
security.sudo.execWheelOnly = true; execWheelOnly = true;
# With great power comes great responsibility, we get it.. Also means we # With great power comes great responsibility, we get it.. Also means we
# don't have state in /var/db/sudo/lectured. # don't have state in /var/db/sudo/lectured.
security.sudo.extraConfig = '' extraConfig = ''
Defaults lecture = never Defaults lecture = never
''; '';
}; };