[Nix-dev] Is it possible to limit nix access to sudoers and/or a group?
Danylo Hlynskyi
abcz2.uprola at gmail.com
Fri Jan 20 09:59:42 CET 2017
Nix design doesn't support quotas on filled store per-user, and let's not
forget #8.
2017-01-20 5:36 GMT+02:00 Tomasz Czyż <tomasz.czyz at gmail.com>:
> It's probably against nix design but let's try.
>
> Just an idea (haven't tried yet). Install nix as NIXUSER (without the
> deamon, just nix to run builds). Other users can access paths, build by nix
> from /nix/store but they won't access nix as it belongs to NIXUSER.
>
> But they probably can access nix at any point at this stage (or maybe they
> need sudo to be added to a group, not sure).
>
>
>
>
> 2017-01-20 2:15 GMT+00:00 Mateusz Czaplinski <czapkofan at gmail.com>:
>
>> I'd like to build a system where regular users cannot access nix
>> commands, daemon, etc. Ideally, only users belonging to a particular
>> group could access those. (Probably worse solution, but still
>> acceptable, if this was limited to sudoers only.)
>>
>> Is it possible? If yes, how to do that on NixOS?
>>
>> Thanks & Best Regards,
>> /Mateusz.
>> _______________________________________________
>> nix-dev mailing list
>> nix-dev at lists.science.uu.nl
>> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>>
>
>
>
> --
> Tomasz Czyż
>
> _______________________________________________
> nix-dev mailing list
> nix-dev at lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.science.uu.nl/pipermail/nix-dev/attachments/20170120/d36916ce/attachment.html>
More information about the nix-dev
mailing list