authorJade Lovelace <lix@jade.fyi>2024-06-10 19:55:40 -0700
committerJade Lovelace <lix@jade.fyi>2024-06-12 15:34:23 -0700
commit5f6eb6eb446d911228e830f45edb8ced8413bb58 (patch)
tree5f62581234bde47f9525da70950724526818392e /src/libfetchers
parentd9345d8836d295a205eab19ce9e969bcc9a35b42 (diff)
doc: rewrite the multi-user documentation to actually talk about security
It's in the security section, and it was totally outdated anyway. I took the opportunity to write down the stuff we already believed. Change-Id: I73e62ae85a82dad13ef846e31f377c3efce13cb0
Diffstat (limited to 'src/libfetchers')
-rw-r--r--src/libfetchers/fetch-settings.hh12
1 files changed, 11 insertions, 1 deletions
diff --git a/src/libfetchers/fetch-settings.hh b/src/libfetchers/fetch-settings.hh
index 2dc2834fb..6fb260c3a 100644
--- a/src/libfetchers/fetch-settings.hh
+++ b/src/libfetchers/fetch-settings.hh
@@ -87,7 +87,17 @@ struct FetchSettings : public Config
{}, true, Xp::Flakes};
Setting<bool> acceptFlakeConfig{this, false, "accept-flake-config",
- "Whether to accept nix configuration from a flake without prompting.",
+ R"(
+ Whether to accept Lix configuration from the `nixConfig` attribute of
+ a flake without prompting. This is almost always a very bad idea.
+
+ Setting this setting as a trusted user allows Nix flakes to gain root
+ access on your machine if they set one of the several
+ trusted-user-only settings that execute commands as root.
+
+ See [multi-user installations](@docroot@/installation/multi-user.md)
+ for more details on the Lix security model.
+ )",
{}, true, Xp::Flakes};
Setting<std::string> commitLockFileSummary{
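Review bot: The second paragraph of the new description opens with "Setting this setting as a trusted user", which is awkward and does not say that the risk comes from turning the option on; `Enabling this setting as a trusted user allows flakes to gain root` would tie the warning to the value `true`. The text also never states the safe state: the `false` in the `Setting<bool>` initializer looks like the default, so a closing sentence such as `Leave this at the default (false) so that each flake-supplied setting is confirmed before it is applied.` would tell readers what to do rather than only what to avoid. The prompt behaviour is not visible in this hunk, so confirm it against the implementation before adding that sentence. The description also mixes "Lix configuration" and "Nix flakes", and one product name should be used throughout. The `FetchSettings` struct starts and ends outside this hunk.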