diff options
author | Eelco Dolstra <e.dolstra@tudelft.nl> | 2006-12-06 20:00:15 +0000 |
---|---|---|
committer | Eelco Dolstra <e.dolstra@tudelft.nl> | 2006-12-06 20:00:15 +0000 |
commit | 6e5ec1029ad279c1ac69e14730afb4d2d9964b5d (patch) | |
tree | d0b031a8c4a40d6fa9c6d77b95b1acc66ea1840c /nix.conf.example | |
parent | 751f6d2157a1b89f2463b68a90f8515deb3f942c (diff) |
* Get rid of `build-users'. We'll just take all the members of
`build-users-group'. This makes configuration easier: you can just
add users in /etc/group.
Diffstat (limited to 'nix.conf.example')
-rw-r--r-- | nix.conf.example | 52 |
1 files changed, 26 insertions, 26 deletions
diff --git a/nix.conf.example b/nix.conf.example index a75045b14..92e114dc5 100644 --- a/nix.conf.example +++ b/nix.conf.example @@ -78,44 +78,44 @@ #build-max-jobs = 1 -### Option `build-users' +### Option `build-users-group' # -# This option contains a list of user names under which Nix can -# execute builds. In multi-user Nix installations, builds should not +# This options specifies the Unix group containing the Nix build user +# accounts. In multi-user Nix installations, builds should not # be performed by the Nix account since that would allow users to # arbitrarily modify the Nix store and database by supplying specially # crafted builders; and they cannot be performed by the calling user # since that would allow him/her to influence the build result. # -# Thus this list should contain a number of `special' user accounts -# created specifically for Nix, e.g., `nix-builder-1', -# `nix-builder-2', and so on. The more users the better, since at -# most a number of builds equal to the number of build users can be -# running simultaneously. +# Therefore, if this option is non-empty and specifies a valid group, +# builds will be performed under the user accounts that are a member +# of the group specified here (as listed in /etc/group). Those user +# accounts should not be used for any other purpose! # -# If this list is empty, builds will be performed under the Nix -# account (that is, the uid under which the Nix daemon runs, or that -# owns the setuid nix-worker program). +# Nix will never run two builds under the same user account at the +# same time. This is to prevent an obvious security hole: a malicious +# user writing a Nix expression that modifies the build result of a +# legitimate Nix expression being built by another user. Therefore it +# is good to have as many Nix build user accounts as you can spare. +# (Remember: uids are cheap.) # -# Example: -# build-users = nix-builder-1 nix-builder-2 nix-builder-3 -#build-users = - - -### Option `build-users-group' +# The build users should have permission to create files in the Nix +# store, but not delete them. Therefore, /nix/store should be owned +# by the Nix account, its group should be the group specified here, +# and its mode should be 1775. # -# If `build-users' is used, then this option specifies the group ID -# (gid) under which each build is to be performed. This group should -# have permission to create files in the Nix store, but not delete -# them. I.e., /nix/store should be owned by the Nix account, its -# group should be the group specified here, and its mode should be -# 1775. +# If the build users group is empty, builds will be performed under +# the uid of the Nix process (that is, the uid of the caller if +# $NIX_REMOTE is empty, the uid under which the Nix daemon runs if +# $NIX_REMOTE is `daemon', or the uid that owns the setuid nix-worker +# program if $NIX_REMOTE is `slave'). Obviously, this should not be +# used in multi-user settings with untrusted users. # -# The default is `nix'. +# The default is empty. # # Example: -# build-users-group = nix -#build-users-group = +# build-users-group = nix-builders +build-users-group = nix-builders ### Option `system' |