diff --git a/back/lib/wg_peer_add b/back/lib/wg_peer_add
index 83116cd..e1a6064 100755
--- a/back/lib/wg_peer_add
+++ b/back/lib/wg_peer_add
@@ -21,9 +21,9 @@ CONFIG_FILE='/etc/wgapi/config'
 source "${CONFIG_FILE}"
 set -x
-# Printf in file descriptor must use sudo too
+# TODO: Fix this to not give NOPASSWD visudo to bash or su
 # https://askubuntu.com/a/1334988/533341
-res="$(sudo su -c '/usr/bin/wg set "${TLD}" peer "${1}" preshared-key <(printf "${2}\n") allowed-ips "${3}"' )" || (
+res="$(sudo bash -c '/usr/bin/wg set "${TLD}" peer "${1}" preshared-key <(printf "${2}\n") allowed-ips "${3}"' )" || (
 printf '%s %s\n' "${?}" "${res}" >>"${LOGFILE}"
 exit 6
 )
diff --git a/back/srv/dashboard/Dockerfile b/back/srv/dashboard/Dockerfile
index 3fc9f23..7366266 100644
--- a/back/srv/dashboard/Dockerfile
+++ b/back/srv/dashboard/Dockerfile
@@ -13,7 +13,7 @@ RUN sed -i "s/ServerAdmin .*$/ServerAdmin ${ADMIN_EMAIL}/" \
 /etc/apache2/sites-available/000-default.conf
 RUN sed -i "s|DocumentRoot .*$|DocumentRoot /var/www/cgi-bin\n\tScriptAlias / /var/www/cgi-bin/index.cgi|" \
 /etc/apache2/sites-available/000-default.conf
-RUN echo "www-data ALL=(ALL:ALL) NOPASSWD: /usr/bin/su, /usr/bin/wg, /usr/bin/printf, /usr/bin/openssl" | sudo EDITOR='tee -a' visudo
+RUN echo "www-data ALL=(ALL:ALL) NOPASSWD: /bin/bash, /usr/bin/wg, /usr/bin/printf, /usr/bin/openssl" | sudo EDITOR='tee -a' visudo
 RUN touch /var/local/wgapi_tokens
 RUN chown www-data:www-data /var/local/wgapi_tokens
 EXPOSE ${LISTEN_PORT}
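Review bot: On the new `res=` line, nothing follows the single-quoted script given to `sudo bash -c`, so `${1}`, `${2}` and `${3}` are expanded by the root shell, where they are unset. `${TLD}` reaches that shell only if it is exported and survives sudo's environment reset, which this hunk does not show. Replacing `su` with `bash` also keeps a root shell in the call path, as the TODO admits, and `printf "${2}\n"` uses the key as a format string. Calling wg directly avoids all three and needs no shell in sudoers: `printf '%s\n' "${2}" | sudo /usr/bin/wg set "${TLD}" peer "${1}" preshared-key /dev/stdin allowed-ips "${3}"`. With `set -x` active just above, check that the preshared key does not land in the trace output once the arguments are expanded by the calling script.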
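Review bot: The new sudoers entry gives `www-data` passwordless `/bin/bash` as any user, which amounts to unrestricted root for the web server account. Any flaw in the CGI scripts then becomes full root inside the container, so the other three listed commands no longer limit anything. `/usr/bin/printf` and `/usr/bin/openssl` are broad grants too, since either can be made to read or write files as root. If the scripts call wg directly, the entry can shrink to `www-data ALL=(root) NOPASSWD: /usr/bin/wg`, ideally narrowed further to a small wrapper that fixes the subcommand and validates its arguments. Writing it to a file under `/etc/sudoers.d/` and checking it with `visudo -cf` during the build would also make the grant easier to audit than appending to the main sudoers file.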