> I'd like to build a system where regular users cannot access nix
> commands, daemon, etc.
Look for the 'allowed-users' option in the nix.conf(5) man page. That
should do what you want.
Best regards,
Peter
___
nix-dev mailing list
Oh, I had in mind https://github.com/NixOS/nix/issues/8
I do Nix builds of some private packages. The source for builds is fetched
from private repo, ofc. But nix store is a public place, and my private
sources become public.
2017-01-20 13:46 GMT+02:00 Profpatsch :
> On
On 20/01/17 12:46, Profpatsch wrote:
On 17-01-20 10:59am, Danylo Hlynskyi wrote:
Nix design doesn't support quotas on filled store per-user, and let's not
forget #8.
https://github.com/NixOS/nixpkgs/pull/8 ?
That looks unrelated.
Rather https://github.com/NixOS/nix/issues/8 I would say.
Hi,
On 01/20/2017 01:25 PM, Tomasz Czyż wrote:
> So obvious :-)
>
> Eelco, is that the case with NixOS only or that works also when you install
> Nix
> as regular user, let's say on Ubuntu?
It works in any multi-user Nix setup, i.e. when using nix-daemon.
Note however that the Nix install
So obvious :-)
Eelco, is that the case with NixOS only or that works also when you install
Nix as regular user, let's say on Ubuntu?
2017-01-20 12:07 GMT+00:00 Eelco Dolstra :
> Hi,
>
> On 01/20/2017 03:15 AM, Mateusz Czaplinski wrote:
>
> > I'd like to build a
Hi,
On 01/20/2017 03:15 AM, Mateusz Czaplinski wrote:
> I'd like to build a system where regular users cannot access nix
> commands, daemon, etc. Ideally, only users belonging to a particular
> group could access those. (Probably worse solution, but still
> acceptable, if this was limited to
On 17-01-20 10:59am, Danylo Hlynskyi wrote:
> Nix design doesn't support quotas on filled store per-user, and let's not
> forget #8.
https://github.com/NixOS/nixpkgs/pull/8 ?
That looks unrelated.
--
Proudly written in Mutt with Vim on NixOS.
Q: Why is this email five sentences or less?
A:
Nix design doesn't support quotas on filled store per-user, and let's not
forget #8.
2017-01-20 5:36 GMT+02:00 Tomasz Czyż :
> It's probably against nix design but let's try.
>
> Just an idea (haven't tried yet). Install nix as NIXUSER (without the
> deamon, just nix to
This is a good question because installing packages can be used as a DOS
attack. I wonder if it would be easy to make a patch to change the file
permissions on the Nix daemon and other services that write to the Nix
store.
On Jan 20, 2017 02:15, "Mateusz Czaplinski" wrote:
It's probably against nix design but let's try.
Just an idea (haven't tried yet). Install nix as NIXUSER (without the
deamon, just nix to run builds). Other users can access paths, build by nix
from /nix/store but they won't access nix as it belongs to NIXUSER.
But they probably can access nix
I'd like to build a system where regular users cannot access nix
commands, daemon, etc. Ideally, only users belonging to a particular
group could access those. (Probably worse solution, but still
acceptable, if this was limited to sudoers only.)
Is it possible? If yes, how to do that on NixOS?
11 matches
Mail list logo