fix sudo
This commit is contained in:
parent
a3d6af5b62
commit
e075c35813
|
@ -13,6 +13,7 @@
|
|||
./packages.nix
|
||||
./ripgrep.nix
|
||||
./ssh.nix
|
||||
./sudo.nix
|
||||
./users.nix
|
||||
./vim
|
||||
];
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
{...}: {
|
||||
security.sudo = {
|
||||
# Only allow members of the wheel group to execute sudo by setting the
|
||||
# executable’s permissions accordingly. This prevents users that are not
|
||||
# executable's permissions accordingly. This prevents users that are not
|
||||
# members of wheel from exploiting vulnerabilities in sudo such as
|
||||
# CVE-2021-3156.
|
||||
security.sudo.execWheelOnly = true;
|
||||
execWheelOnly = true;
|
||||
|
||||
# With great power comes great responsibility, we get it.. Also means we
|
||||
# don't have state in /var/db/sudo/lectured.
|
||||
security.sudo.extraConfig = ''
|
||||
extraConfig = ''
|
||||
Defaults lecture = never
|
||||
'';
|
||||
};
|
||||
|
|
Loading…
Reference in a new issue