Re: [Nix-dev] Is it possible to limit nix access to sudoers and/or a group?

2017-05-29 Thread Peter Simons
> I'd like to build a system where regular users cannot access nix
> commands, daemon, etc.

Look for the 'allowed-users' option in the nix.conf(5) man page. That should do what you want.

Best regards,
Peter

___ nix-dev mailing list

Re: [Nix-dev] Is it possible to limit nix access to sudoers and/or a group?

2017-01-20 Thread Danylo Hlynskyi
Oh, I had in mind https://github.com/NixOS/nix/issues/8

I do Nix builds of some private packages. The source for builds is fetched from private repo, ofc. But nix store is a public place, and my private sources become public.

2017-01-20 13:46 GMT+02:00 Profpatsch :
> On

Re: [Nix-dev] Is it possible to limit nix access to sudoers and/or a group?

2017-01-20 Thread Guillaume Maudoux (Layus)
On 20/01/17 12:46, Profpatsch wrote:
> On 17-01-20 10:59am, Danylo Hlynskyi wrote:
>> Nix design doesn't support quotas on filled store per-user, and let's not
>> forget #8.
>
> https://github.com/NixOS/nixpkgs/pull/8 ? That looks unrelated.

Rather https://github.com/NixOS/nix/issues/8 I would say.

Re: [Nix-dev] Is it possible to limit nix access to sudoers and/or a group?

2017-01-20 Thread Eelco Dolstra
Hi,

On 01/20/2017 01:25 PM, Tomasz Czyż wrote:
> So obvious :-)
>
> Eelco, is that the case with NixOS only or that works also when you install Nix
> as regular user, let's say on Ubuntu?

It works in any multi-user Nix setup, i.e. when using nix-daemon. Note however that the Nix install

Re: [Nix-dev] Is it possible to limit nix access to sudoers and/or a group?

2017-01-20 Thread Tomasz Czyż
So obvious :-)

Eelco, is that the case with NixOS only or that works also when you install Nix as regular user, let's say on Ubuntu?

2017-01-20 12:07 GMT+00:00 Eelco Dolstra :
> Hi,
>
> On 01/20/2017 03:15 AM, Mateusz Czaplinski wrote:
> > I'd like to build a

Re: [Nix-dev] Is it possible to limit nix access to sudoers and/or a group?

2017-01-20 Thread Eelco Dolstra
Hi,

On 01/20/2017 03:15 AM, Mateusz Czaplinski wrote:
> I'd like to build a system where regular users cannot access nix
> commands, daemon, etc. Ideally, only users belonging to a particular
> group could access those. (Probably worse solution, but still
> acceptable, if this was limited to

Re: [Nix-dev] Is it possible to limit nix access to sudoers and/or a group?

2017-01-20 Thread Profpatsch
On 17-01-20 10:59am, Danylo Hlynskyi wrote:
> Nix design doesn't support quotas on filled store per-user, and let's not
> forget #8.

https://github.com/NixOS/nixpkgs/pull/8 ? That looks unrelated.

--
Proudly written in Mutt with Vim on NixOS.
Q: Why is this email five sentences or less?
A:

Re: [Nix-dev] Is it possible to limit nix access to sudoers and/or a group?

2017-01-20 Thread Danylo Hlynskyi
Nix design doesn't support quotas on filled store per-user, and let's not forget #8.

2017-01-20 5:36 GMT+02:00 Tomasz Czyż :
> It's probably against nix design but let's try.
>
> Just an idea (haven't tried yet). Install nix as NIXUSER (without the
> daemon, just nix to

Re: [Nix-dev] Is it possible to limit nix access to sudoers and/or a group?

2017-01-20 Thread Kevin Cox
This is a good question because installing packages can be used as a DoS attack. I wonder if it would be easy to make a patch to change the file permissions on the Nix daemon and other services that write to the Nix store.

On Jan 20, 2017 02:15, "Mateusz Czaplinski" wrote:

Re: [Nix-dev] Is it possible to limit nix access to sudoers and/or a group?

2017-01-19 Thread Tomasz Czyż
It's probably against nix design but let's try.

Just an idea (haven't tried yet). Install nix as NIXUSER (without the daemon, just nix to run builds). Other users can access paths built by nix from /nix/store, but they won't access nix as it belongs to NIXUSER. But they probably can access nix

[Nix-dev] Is it possible to limit nix access to sudoers and/or a group?

2017-01-19 Thread Mateusz Czaplinski
I'd like to build a system where regular users cannot access nix commands, daemon, etc. Ideally, only users belonging to a particular group could access those. (Probably worse solution, but still acceptable, if this was limited to sudoers only.) Is it possible? If yes, how to do that on NixOS?