diff --git a/public/app-network.nix b/public/app-network.nix
index 30c2cdc..f52c5e0 100644
--- a/public/app-network.nix
+++ b/public/app-network.nix
@@ -21,11 +21,16 @@ mkIf true {
     ## Diagnostic
     arp-scan
     nmap          # outil de scan de port réseau
-    mtr           # outil de diagnostic réseau
     #wireshark
     whois
   ];
 
+  # Paquets avec setuid root
+  security.wrappers = {
+    # outil de diagnostic réseau
+    mtr.source = "${pkgs.mtr}/bin/mtr";
+  };
+
   networking.firewall = {
     allowedTCPPorts = [
       5201 # iperf
diff --git a/public/environment.nix b/public/environment.nix
index 9825c5a..00ed6c5 100644
--- a/public/environment.nix
+++ b/public/environment.nix
@@ -72,10 +72,6 @@ in
     };
     etc.gitconfig.text = builtins.readFile ./gitconfig;
   };
-  # programmes qui n'ont pas besoin de sudo pour fonctionner
-  security.setuidPrograms = [
-    "mtr"
-  ];
   programs.bash = {
     enableCompletion = true;
     promptInit = builtins.readFile ./bash-prompt.sh;