d08967a3a8
The order of sudoers entries is significant. The man page for sudoers(5) notes: Where there are multiple matches, the last match is used (which is not necessarily the most specific match). This module adds a rule for group "wheel" matching all commands. If you wanted to add a more specific rule allowing members of the "wheel" group to run command `foo` without a password, you'd need to use mkAfter to ensure your rule comes after the more general rule. extraRules = lib.mkAfter [ { groups = [ "wheel" ]; commands = [ { command = "${pkgs.foo}/bin/foo"; options = [ "NOPASSWD" "SETENV" ]; } ] } ]; Otherwise, when configuration options are merged, if the general rule ends up after the specific rule, it will dictate the behavior even when running the `foo` command. |
||
---|---|---|
.. | ||
doc/manual | ||
lib | ||
maintainers | ||
modules | ||
tests | ||
COPYING | ||
default.nix | ||
README | ||
release-combined.nix | ||
release-small.nix | ||
release.nix |
*** NixOS *** NixOS is a Linux distribution based on the purely functional package management system Nix. More information can be found at http://nixos.org/nixos and in the manual in doc/manual.