movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-21 00:49:27 +03:00
Code Activity

nixos/sudo: Make the default rules' options configurable

Browse source
This commit is contained in:
nicoo 2023-09-07 12:50:48 +00:00
parent b1eab8ca53
commit 717e51a140
2 changed files with 15 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

5
nixos/doc/manual/release-notes/rl-2311.section.md
View file

@ -286,9 +286,10 @@ The module update takes care of the new config syntax and the data itself (user
- New `boot.bcache.enable` (default enabled) allows completely removing `bcache` mount support. - New `boot.bcache.enable` (default enabled) allows completely removing `bcache` mount support.
- `security.sudo` now provides an extra option, that does not change the - `security.sudo` now provides two extra options, that do not change the
module's default behaviour: module's default behaviour:
`keepTerminfo` controls whether `TERMINFO` and `TERMINFO_DIRS` are preserved - `defaultOptions` controls the options used for the default rules;
- `keepTerminfo` controls whether `TERMINFO` and `TERMINFO_DIRS` are preserved
for `root` and the `wheel` group. for `root` and the `wheel` group.

11
nixos/modules/security/sudo.nix
View file

@ -38,6 +38,15 @@ in
options.security.sudo = { options.security.sudo = {
defaultOptions = mkOption {
type = with types; listOf str;
default = [ "SETENV" ];
description = mdDoc ''
Options used for the default rules, granting `root` and the
`wheel` group permission to run any command as any user.
'';
};
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
@ -206,7 +215,7 @@ in
inherit users groups; inherit users groups;
commands = [ { commands = [ {
command = "ALL"; command = "ALL";
options = opts ++ [ "SETENV" ]; options = opts ++ cfg.defaultOptions;
} ]; } ];
} ]; } ];
in mkMerge [ in mkMerge [