I’m trying to add the tc
program to the sudoers
file to run without a password prompt:
sudo = {
enable = true;
execWheelOnly = true;
extraRules = [
{
groups = [ "wheel" ];
commands = [
{
command = "${pkgs.iproute2}/bin/tc";
options = [ "NOPASSWD" ];
}
];
}
];
};
For the most part this works. If I look at the generated sudoers file, I can see the path to the binary:
%wheel ALL=(ALL:ALL) NOPASSWD: /nix/store/9w8x9qzjkiy2jsa4zji31yxjdih92h97-iproute2-6.5.0/bin/tc
And if I specify that full path on the command line, it runs without a password prompt as expected.
However, this isn’t the binary that gets run by default on the command line:
❯ whereis tc
tc: /nix/store/l17rs3zv5kr2kwjvibvlaqzks8nhllj7-system-path/bin/tc
Since the paths don’t match, running sudo tc
without the full path from the sudoers
file doesn’t work, it prompts for a password.
So why do there appear to be two paths for this binary? What is the system-path
location? It isn’t a package I can use in my nix config…