14

I installed and am trying to get started with NixOS, and am trying to add my user to the sudoers file.

So that I'm not running all my commands as root I created a user following Chapter 7. User Management of the NixOS manual. That is, I ran

# useradd -m matthew
# su - matthew -c "true"
# passwd matthew
Enter new UNIX password: ***
Retype new UNIX password: ***

And also I added

users.extraUsers.matthew = {
    isNormalUser = true;
    home = "/home/matthew";
    extragroups = [ "wheel" "networkmanager" ];
}

to /etc/nixos/configuration.nix. But still I am not able to run sudo as matthew. For example, when I try to open sudo's man page with sudo, I get the matthew is not in the sudoers file error.

$ sudo man sudo
[sudo] password for matthew:
matthew is not in the sudoers file. This incident will be reported.

Then I tried following advice on how to add a user to the sudoers file in other distributions, namely editing with $ visudo. But when I run that, nixos tells me not to edit that file. That is, running

$ visudo

opens /etc/sudoers.tmp with first line reading

# Don't edit this file. Set the NixOS option ‘security.sudo.configFile’ instead.

How do I set the NixOS option ‘security.sudo.configFile’?

mherzl
  • 1,509
  • 1
    Breadcrumb: https://nixos.org/nixos/manual/#sec-user-management – Jeff Schaller Jul 09 '17 at 23:33
  • @JeffSchaller thanks for the comment; I've tried following the instructions on that page. That is, I added the 'users.extraUsers.matthew' block to my '/etc/nixos/configuration.nix' and also ran 'useradd -m matthew' and 'su - alice -c "true"', and set password and all. Still getting the 'not in sudoers file' error. – mherzl Jul 10 '17 at 00:52
  • It's odd that this doesn't work. I happen to be working with a fresh NixOS install today, and adding "wheel" to extraGroups worked just fine. Note that it's extraGroups and not extragroups. – shadowtalker Sep 06 '18 at 15:09

3 Answers3

9

Adding a user to the wheel group should be sufficient to gain sudo privileges.

users.extraUsers.matthew = {
    isNormalUser = true;
    home = "/home/matthew";
    extraGroups = [ "wheel" ];
}

After you've added a user to a new linux group, you need to logout and login those users, for those changes to take effect (new group).

Edit: as suggests a comment under the question above, it should be extraGroups not extragroups.

Adam Głowacki
  • 3
Chris Stryczynski
  • 5,818
8

Firstly, adding the user with useradd and editing users.extraUsers is redundant. I've never bothered with useradd on NixOS.

As for the sudo configuration, what you do is set security.sudo.configFile to a string containing what you'd normally put into sudoers:

security.sudo.configFile = ''
   Sudoers config goes here
''
Mateen Ulhaq
  • 743
Emmanuel Rosa
  • 7,128
  • 1
    Thank you. I added "security.sudo.configFile = ''%wheel ALL=(ALL) ALL''" to /etc/nixos/configuration.nix and that did not work, but then I ran the command "$ usermod -a -G matthew wheel" and that did work. – mherzl Jul 10 '17 at 04:06
4

My guess is that in your case, the problem comes from the fact that you created the same user both imperatively (with useradd) and declaratively (in configuration.nix).

First of all, make sure that you run nixos-rebuild switch after each change to /etc/nixos/configuration.nix. Second, if that is not enough, it is probably that the options that you passed declaratively cannot be used given that the user was already created. In which case, removing the user first and running nixos-rebuild switch then should solve the issue.

Zimm i48
  • 621
  • Might be needed to log out/in or at least open a new login shell too? In my experience that's often needed for changes that involve group changes. – olejorgenb Jul 10 '17 at 14:11
  • 1
    Indeed, that's probably the case. On a fast laptop, I would even consider doing nixos-rebuild boot followed by reboot. – Zimm i48 Jul 10 '17 at 14:16
  • Thank you @Zimmi48. I was rebooting after each change to /etc/nixos/configuration.nix, but running 'nixos-rebuild switch' is much faster. And also, from the output I was able to identify a syntax error in my .../configuration.nix which seemed to be causing my user to not be added to the wheel group. – mherzl Jul 10 '17 at 17:09
  • 1
    Note that rebooting alone doesn't do any good. It needs to be preceded by nixos-rebuild boot or nixos-rebuild switch – Zimm i48 Jul 10 '17 at 17:11