aboutsummaryrefslogtreecommitdiff
path: root/doc/manual/installation/nix-security.xml
diff options
context:
space:
mode:
Diffstat (limited to 'doc/manual/installation/nix-security.xml')
-rw-r--r--doc/manual/installation/nix-security.xml27
1 files changed, 27 insertions, 0 deletions
diff --git a/doc/manual/installation/nix-security.xml b/doc/manual/installation/nix-security.xml
new file mode 100644
index 000000000..d888ff14d
--- /dev/null
+++ b/doc/manual/installation/nix-security.xml
@@ -0,0 +1,27 @@
+<chapter xmlns="http://docbook.org/ns/docbook"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:xi="http://www.w3.org/2001/XInclude"
+ version="5.0"
+ xml:id="ch-nix-security">
+
+<title>Security</title>
+
+<para>Nix has two basic security models. First, it can be used in
+“single-user mode”, which is similar to what most other package
+management tools do: there is a single user (typically <systemitem
+class="username">root</systemitem>) who performs all package
+management operations. All other users can then use the installed
+packages, but they cannot perform package management operations
+themselves.</para>
+
+<para>Alternatively, you can configure Nix in “multi-user mode”. In
+this model, all users can perform package management operations — for
+instance, every user can install software without requiring root
+privileges. Nix ensures that this is secure. For instance, it’s not
+possible for one user to overwrite a package used by another user with
+a Trojan horse.</para>
+
+<xi:include href="single-user.xml" />
+<xi:include href="multi-user.xml" />
+
+</chapter> \ No newline at end of file