[Nix-dev] Is it possible to limit nix access to sudoers and/or a group?

Tomasz Czyż tomasz.czyz at gmail.com
Fri Jan 20 04:36:46 CET 2017


It's probably against nix design but let's try.

Just an idea (haven't tried yet). Install nix as NIXUSER (without the
deamon, just nix to run builds). Other users can access paths, build by nix
from /nix/store but they won't access nix as it belongs to NIXUSER.

But they probably can access nix at any point at this stage (or maybe they
need sudo to be added to a group, not sure).




2017-01-20 2:15 GMT+00:00 Mateusz Czaplinski <czapkofan at gmail.com>:

> I'd like to build a system where regular users cannot access nix
> commands, daemon, etc. Ideally, only users belonging to a particular
> group could access those. (Probably worse solution, but still
> acceptable, if this was limited to sudoers only.)
>
> Is it possible? If yes, how to do that on NixOS?
>
> Thanks & Best Regards,
> /Mateusz.
> _______________________________________________
> nix-dev mailing list
> nix-dev at lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>



-- 
Tomasz Czyż
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.science.uu.nl/pipermail/nix-dev/attachments/20170120/8765f248/attachment.html>


More information about the nix-dev mailing list