diff --git a/configs/workhorse/graylog.nix b/configs/workhorse/graylog.nix
index f2c87c0..dda1de4 100644
--- a/configs/workhorse/graylog.nix
+++ b/configs/workhorse/graylog.nix
@@ -119,6 +119,7 @@ in {
       "2","cirtical","Critical conditions"
       "3","error","Error Condition"
       "4","warning","May indicate that an error will occur if action is not taken."
+      "4","warn","May indicate that an error will occur if action is not taken."
       "5","notice","Events that are unusual, but not error conditions."
       "6","info","Normal operational messages that require no action."
       "7","debug","Information useful to developers for debugging the application."
diff --git a/modules/programs/browser.nix b/modules/programs/browser.nix
index 181226c..d9c6fd7 100644
--- a/modules/programs/browser.nix
+++ b/modules/programs/browser.nix
@@ -37,6 +37,9 @@ let
       '';
     };
 
+  killBrowser = name:
+    pkgs.writeShellScriptBin "${name}-kill" "sudo killall -9 -u ${name}";
+
   cleanBrowser = name: browser: home: homeBackup:
     let
       backupFile = "${homeBackup}.tar.lzma";
@@ -45,7 +48,7 @@ let
     in pkgs.writeShellScriptBin "${name}-clean" # sh
     ''
       sudo killall -9 -u ${name}
-      sudo rm ${lockFile}
+      sudo rm -f ${lockFile}
       sudo rm -rf ${home}
     '';
 
@@ -129,6 +132,8 @@ let
     cleanBrowser name name browserConfig.home browserConfig.homeBackup)
   filteredConfigs;
 
+  allKillScripts = mapAttrsToList (name: _: killBrowser name) cfg.configList;
+
   # browser chooser
   # ---------------
   browserSelect = pkgs.writeScriptBin "browser-select" ''
@@ -203,9 +208,15 @@ in {
     # add sudo rights
     security.sudo.extraConfig = let
       extraRules = flip mapAttrsToList cfg.configList (name: values:
-        concatStringsSep "\n"
-        (map (sudoUser: "${sudoUser} ALL=(${values.user}) NOPASSWD: ALL")
-          values.sudoUsers));
+        concatStringsSep "" (map (sudoUser: ''
+          # sudo configuration to control browser
+          ${sudoUser} ALL=(${values.user}) NOPASSWD: ALL
+          ${sudoUser} ALL=(root) NOPASSWD: /run/current-system/sw/bin/mkdir -p ${values.home}
+          ${sudoUser} ALL=(root) NOPASSWD: /run/current-system/sw/bin/chown -R ${values.user}\:users ${values.home}
+          ${sudoUser} ALL=(root) NOPASSWD: /run/current-system/sw/bin/killall -9 -u ${name}
+          ${sudoUser} ALL=(root) NOPASSWD: /run/current-system/sw/bin/rm -rf ${values.home}
+          ${sudoUser} ALL=(root) NOPASSWD: /run/current-system/sw/bin/rm -f ${values.home}-lock
+        '') values.sudoUsers));
     in lib.concatStringsSep "\n" extraRules;
 
     # create users
@@ -226,7 +237,7 @@ in {
     environment.systemPackages = [ browserSelect (desktopFile browserSelect) ]
       ++ browserExecutableList
       ++ (map (bin: desktopFile bin) browserExecutableList) ++ allBackupScripts
-      ++ allCleanScripts;
+      ++ allCleanScripts ++ allKillScripts;
 
   };
 }