[Nix-dev] Re: NIX_OTHER_STORES and security?
Ludovic Courtès
ludo at gnu.org
Wed Nov 26 17:03:30 CET 2008
Hi,
Eelco Dolstra <e.dolstra at tudelft.nl> writes:
> Marc Weber wrote:
>> So when using nix-channel * stuff I run nix-pull as root using setuid
>> bits or such implicitly?
>
> No, nix-channel only calls nix-pull if you have direct write permission to
> /nix/var/nix/manifests, which on NixOS only root has. So as a normal user you
> can't register additional manifests. Thus nix-channel is basically a
> source-only distribution mechanism if you're not root.
The ability for users to register manifests would probably require
per-user stores (to account for the fact that users are mutually
suspicious, as you noted), which would be tricky.
Thanks,
Ludo'.