diff options
| author | worldofpeace <worldofpeace@protonmail.ch> | 2020-06-17 20:56:10 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-06-17 20:56:10 -0400 |
| commit | d7122c3a3292d8fb672643149c8bec4f48f139f9 (patch) | |
| tree | 55a6e1c81bc2b815d0b41371a7108f7b8add6d37 | |
| parent | 02ff18c7963071d19d76bc4d52fc92d8827a1720 (diff) | |
| parent | 13e2c75c932adac6a198e35b04e2cb9a1eaf86cf (diff) | |
| download | nixlib-d7122c3a3292d8fb672643149c8bec4f48f139f9.tar nixlib-d7122c3a3292d8fb672643149c8bec4f48f139f9.tar.gz nixlib-d7122c3a3292d8fb672643149c8bec4f48f139f9.tar.bz2 nixlib-d7122c3a3292d8fb672643149c8bec4f48f139f9.tar.lz nixlib-d7122c3a3292d8fb672643149c8bec4f48f139f9.tar.xz nixlib-d7122c3a3292d8fb672643149c8bec4f48f139f9.tar.zst nixlib-d7122c3a3292d8fb672643149c8bec4f48f139f9.zip | |
Merge pull request #87579 from cole-h/sudo
nixos/sudo: default rule should be first
| -rw-r--r-- | nixos/modules/security/sudo.nix | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/nixos/modules/security/sudo.nix b/nixos/modules/security/sudo.nix index e3e43177def3..1ed5269c5ae7 100644 --- a/nixos/modules/security/sudo.nix +++ b/nixos/modules/security/sudo.nix @@ -173,7 +173,9 @@ in config = mkIf cfg.enable { - security.sudo.extraRules = [ + # We `mkOrder 600` so that the default rule shows up first, but there is + # still enough room for a user to `mkBefore` it. + security.sudo.extraRules = mkOrder 600 [ { groups = [ "wheel" ]; commands = [ { command = "ALL"; options = (if cfg.wheelNeedsPassword then [ "SETENV" ] else [ "NOPASSWD" "SETENV" ]); } ]; } |