[Nix-dev] Is it possible to limit nix access to sudoers and/or a group?

Kevin Cox kevincox at kevincox.ca
Fri Jan 20 09:41:05 CET 2017


This is a good question because installing packages can be used as a DOS
attack. I wonder if it would be easy to make a patch to change the file
permissions on the Nix daemon and other services that write to the Nix
store.

On Jan 20, 2017 02:15, "Mateusz Czaplinski" <czapkofan at gmail.com> wrote:

> I'd like to build a system where regular users cannot access nix
> commands, daemon, etc. Ideally, only users belonging to a particular
> group could access those. (Probably worse solution, but still
> acceptable, if this was limited to sudoers only.)
>
> Is it possible? If yes, how to do that on NixOS?
>
> Thanks & Best Regards,
> /Mateusz.
> _______________________________________________
> nix-dev mailing list
> nix-dev at lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.science.uu.nl/pipermail/nix-dev/attachments/20170120/8d1e72e0/attachment.html>


More information about the nix-dev mailing list