Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | Merge pull request #42834 from Synthetica9/patch-1 | Matthew Bauer | 2018-07-23 |
|\ | | | | | security.sudo.extraRules: documentation fix | ||
| * | Update sudo.nix | Patrick Hilhorst | 2018-07-01 |
| | | | | | | Updated example for security.sudo.extraRules to match comment | ||
* | | nixos/security.sudo: describe extraRules order | ivanbrennan | 2018-07-01 |
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The order of sudoers entries is significant. The man page for sudoers(5) notes: Where there are multiple matches, the last match is used (which is not necessarily the most specific match). This module adds a rule for group "wheel" matching all commands. If you wanted to add a more specific rule allowing members of the "wheel" group to run command `foo` without a password, you'd need to use mkAfter to ensure your rule comes after the more general rule. extraRules = lib.mkAfter [ { groups = [ "wheel" ]; commands = [ { command = "${pkgs.foo}/bin/foo"; options = [ "NOPASSWD" "SETENV" ]; } ] } ]; Otherwise, when configuration options are merged, if the general rule ends up after the specific rule, it will dictate the behavior even when running the `foo` command. | ||
* | nixos/security: fix description of sudo.wheelNeedsPassword | giraffito | 2018-03-16 |
| | | | the previous description mistakenly described the opposite semantics | ||
* | nixos: sudo: Use build-time visudo for syntax check. | Shea Levy | 2018-02-28 |
| | |||
* | sudo: define extra rules in Nix language (#33905) | Leon Schuermann | 2018-01-17 |
| | |||
* | terminfo: symlink terminfo to /etc for ncurses | Guillaume Maudoux | 2017-06-30 |
| | |||
* | More derp | Parnell Springmeyer | 2017-01-29 |
| | |||
* | Addressing PR feedback | Parnell Springmeyer | 2017-01-28 |
| | |||
* | setcap-wrapper: Merging with upstream master and resolving conflicts | Parnell Springmeyer | 2017-01-25 |
|\ | |||
| * | sudo: Allow root to use sudo to switch groups | Roger Qiu | 2016-09-13 |
| | | |||
* | | Adapting everything for the merged permissions wrappers work. | Parnell Springmeyer | 2016-09-01 |
| | | |||
* | | everything?: Updating every package that depended on the old setuidPrograms ↵ | Parnell Springmeyer | 2016-09-01 |
|/ | | | | configuration. | ||
* | sg: add setuid wrapper. (newgrp is a symlink to sg and was already setuid). | obadz | 2015-03-30 |
| | | | | sudo: add ability for wheel users to change group (as well as user) | ||
* | Improve /etc/sudoers message | Eelco Dolstra | 2014-12-18 |
| | |||
* | sudo: allow adding extra configuration options to the bottom of sudoers | Mathijs Kwik | 2014-11-02 |
| | | | | | | from sudoers (5): When multiple entries match for a user, they are applied in order. Where there are multiple matches, the last match is used (which is not necessarily the most specific match). | ||
* | sudo: Always keepVisudo in order to simplify sudo build | William A. Kennington III | 2014-06-17 |
| | |||
* | nixos.tests.installer: Fix test failures due to network being disabled | Ricardo M. Correia | 2014-06-17 |
| | |||
* | Revert "Revert "Merge #2692: Use pam_env to properly setup system-wide env"" | Eelco Dolstra | 2014-06-10 |
| | | | | This reverts commit 491c088731022463978e595956427e72db6306a9. | ||
* | Revert "Merge #2692: Use pam_env to properly setup system-wide env" | Eelco Dolstra | 2014-06-10 |
| | | | | This reverts commit 18a0cdd86416a8cbc263cfa8cb96c460a53f7b5c. | ||
* | Merge #2692: Use pam_env to properly setup system-wide env | Vladimír Čunát | 2014-06-10 |
| | |||
* | Enable checking sudoers syntax. Fixes #2850, probably. | Michael Raskin | 2014-06-09 |
| | |||
* | sudo: env_keep TERMINFO for urxvt | Aristid Breitkreuz | 2014-05-04 |
| | |||
* | Rewrite ‘with pkgs.lib’ -> ‘with lib’ | Eelco Dolstra | 2014-04-14 |
| | | | | | | | | Using pkgs.lib on the spine of module evaluation is problematic because the pkgs argument depends on the result of module evaluation. To prevent an infinite recursion, pkgs and some of the modules are evaluated twice, which is inefficient. Using ‘with lib’ prevents this problem. | ||
* | Add lots of missing option types | Eelco Dolstra | 2013-10-30 |
| | |||
* | Turn security.pam.services into an attribute set | Eelco Dolstra | 2013-10-15 |
| | | | | | | | | | | | | That is, you can say security.pam.services.sshd = { options... }; instead of security.pam.services = [ { name = "sshd"; options... } ]; making it easier to override PAM settings from other modules. | ||
* | Move all of NixOS to nixos/ in preparation of the repository merge | Eelco Dolstra | 2013-10-10 |