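# NixOS module fragment that hardens the sudo configuration.
#
# The keys below are written relative to `security.sudo`. Repeating the full
# `security.sudo.` prefix inside this attribute set would define
# `security.sudo.security.sudo.*`, which is not a declared option, so the
# settings would never reach sudo.
{ ... }: {
  security.sudo = {
    # Only allow members of the wheel group to execute sudo by setting the
    # executable's permissions accordingly. This prevents users that are not
    # members of wheel from exploiting vulnerabilities in sudo such as
    # CVE-2021-3156.
    #
    # This narrows who can reach the setuid binary; it is not a substitute for
    # keeping sudo patched, because wheel members can still execute it.
    execWheelOnly = true;

    # With great power comes great responsibility, we get it. Also means we
    # don't have state in /var/db/sudo/lectured.
    extraConfig = ''
      Defaults lecture = never
    '';
  };
}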