aboutsummaryrefslogtreecommitdiff
path: root/doc/manual/command-ref/conf-file.xml
diff options
context:
space:
mode:
authorEelco Dolstra <edolstra@gmail.com>2017-11-21 18:49:52 +0100
committerEelco Dolstra <edolstra@gmail.com>2017-11-21 18:49:52 +0100
commit7536fe31dd8c162026d517521dc49b5d9286bfb1 (patch)
tree289502f55b4d10ef8e3ee23bae7d251ce1aa0dcd /doc/manual/command-ref/conf-file.xml
parent4fcf44825fbcfbc46fd6dfe48ea09164aa003647 (diff)
Add a warning about the 'trusted-users' option
Diffstat (limited to 'doc/manual/command-ref/conf-file.xml')
-rw-r--r--doc/manual/command-ref/conf-file.xml11
1 files changed, 6 insertions, 5 deletions
diff --git a/doc/manual/command-ref/conf-file.xml b/doc/manual/command-ref/conf-file.xml
index 868cca1da..e52cbcd53 100644
--- a/doc/manual/command-ref/conf-file.xml
+++ b/doc/manual/command-ref/conf-file.xml
@@ -543,11 +543,12 @@ password <replaceable>my-password</replaceable>
<literal>wheel</literal> group. The default is
<literal>root</literal>.</para>
- <warning><para>The users listed here have the ability to
- compromise the security of a multi-user Nix store. For instance,
- they could install Trojan horses subsequently executed by other
- users. So you should consider carefully whether to add users to
- this list.</para></warning>
+ <warning><para>Adding a user to <option>trusted-users</option>
+ is essentially equivalent to giving that user root access to the
+ system. For example, the user can set
+ <option>sandbox-paths</option> and thereby obtain read access to
+ directories that are otherwise inacessible to
+ them.</para></warning>
</listitem>