Skip to content
This repository was archived by the owner on Apr 12, 2021. It is now read-only.
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 87cde1cfd3e7
Choose a base ref
...
head repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 7bb2e7e0f691
Choose a head ref
  • 2 commits
  • 1 file changed
  • 2 contributors

Commits on Jun 18, 2020

  1. nixos/sudo: default rule should be first 

    In /etc/sudoers, the last-matched rule will override all
previously-matched rules. Thus, make the default rule show up first (but
still allow some wiggle room for a user to `mkBefore` it), before any
user-defined rules.

(cherry picked from commit 13e2c75)
    @cole-h
    cole-h committed Jun 18, 2020
    Copy the full SHA
    30c703c View commit details

  2. Merge pull request #90699 from cole-h/sudo 

    [20.03] nixos/sudo: default rule should be first
    @worldofpeace
    worldofpeace authored Jun 18, 2020
    Copy the full SHA
    7bb2e7e View commit details
Showing with 3 additions and 1 deletion.
  1. +3 −1 nixos/modules/security/sudo.nix
4 changes: 3 additions & 1 deletion nixos/modules/security/sudo.nix
View file
Original file line number Diff line number Diff line change
@@ -173,7 +173,9 @@ in

config = mkIf cfg.enable {

security.sudo.extraRules = [
# We `mkOrder 600` so that the default rule shows up first, but there is
# still enough room for a user to `mkBefore` it.
security.sudo.extraRules = mkOrder 600 [
{ groups = [ "wheel" ];
commands = [ { command = "ALL"; options = (if cfg.wheelNeedsPassword then [ "SETENV" ] else [ "NOPASSWD" "SETENV" ]); } ];
}