Hi, On 01/20/2017 03:15 AM, Mateusz Czaplinski wrote:
> I'd like to build a system where regular users cannot access nix > commands, daemon, etc. Ideally, only users belonging to a particular > group could access those. (Probably worse solution, but still > acceptable, if this was limited to sudoers only.) > > Is it possible? If yes, how to do that on NixOS? Yes, by setting allowed-users in nix.conf, or nix.allowedUsers in the NixOS configuration, e.g. nix.allowedUsers = [ "@wheel" ]; The default is "*". I've been thinking that it might be good to tighten this to something like [ "root" "@users" ], to disallow (say) system daemons. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ _______________________________________________ nix-dev mailing list [email protected] http://lists.science.uu.nl/mailman/listinfo/nix-dev
