I found that I wanted to know how I could have sudo ask for the root password every time.
I eventually found it:
```nix
{ config, pkgs, ... }:
{
  security.sudo = {
    enable = true;
    wheelNeedsPassword = true; # Require password for sudo (default: user's password)
    configFile = ''
      # Force root password instead of user password
      Defaults rootpw
      # Disable sudo timeout (ask for password every time)
      Defaults timestamp_timeout=0
    '';
  };
}
```
1 Like
I have this as /etc/nixos/file.nix.
I then have it included in /etc/nix/configuration.nix.
This is probably fine on a system where the only user is the administrator, but it should not be done in general. This means that any user who is given permission to do anything with sudo must also be able to log in as root; you have no finer control over which user can do what anymore.
You don’t get any additional security of any kind, either, only users added to the wheel group can use sudo anyway, you don’t need to authorize them again, just authenticate; this is why the default is the user password. This setting probably only exists so that sudo can replace homebrew hacky scripts from 45 years ago, don’t use it on a modern system. Don’t even use it on a 40 year old system.
On a side note, I don’t think the root user should even have a password - logging in as root is always a terrible idea, use sudo -s if you need a root shell.
5 Likes
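A configuration that keeps the prompt on every call but authenticates each user with their own password, along the lines the reply argues for. This is an added example, not code from either poster; the user `deploy` and the nginx restart rule are hypothetical.

```nix
{ config, pkgs, ... }:
{
  security.sudo = {
    enable = true;

    # wheel members authenticate with their own password, so nobody
    # has to know a shared root password.
    wheelNeedsPassword = true;

    # extraConfig is appended to the generated sudoers file.
    extraConfig = ''
      # Do not cache credentials: prompt on every sudo invocation.
      Defaults timestamp_timeout=0
    '';

    # Per-user authorization that "Defaults rootpw" would undermine:
    # the hypothetical user "deploy" may run exactly one command as root
    # and still authenticates with their own password.
    extraRules = [
      {
        users = [ "deploy" ];
        commands = [
          {
            command = "/run/current-system/sw/bin/systemctl restart nginx.service";
            options = [ "PASSWD" ];
          }
        ];
      }
    ];
  };

  # "!" is not a valid password hash, so password login as root is locked;
  # root shells are then obtained with `sudo -s`.
  # With users.mutableUsers = true (the default) this is applied only when
  # the account is first created; on an existing system use `passwd -l root`.
  users.users.root.hashedPassword = "!";
}
```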