[Nix-dev] Is it possible to limit nix access to sudoers and/or a group?

Tomasz Czyż tomasz.czyz at gmail.com
Fri Jan 20 13:25:54 CET 2017


So obvious :-)

Eelco, is that the case with NixOS only or that works also when you install
Nix as regular user, let's say on Ubuntu?

2017-01-20 12:07 GMT+00:00 Eelco Dolstra <eelco.dolstra at logicblox.com>:

> Hi,
>
> On 01/20/2017 03:15 AM, Mateusz Czaplinski wrote:
>
> > I'd like to build a system where regular users cannot access nix
> > commands, daemon, etc. Ideally, only users belonging to a particular
> > group could access those. (Probably worse solution, but still
> > acceptable, if this was limited to sudoers only.)
> >
> > Is it possible? If yes, how to do that on NixOS?
>
> Yes, by setting allowed-users in nix.conf, or nix.allowedUsers in the NixOS
> configuration, e.g.
>
>   nix.allowedUsers = [ "@wheel" ];
>
> The default is "*". I've been thinking that it might be good to tighten
> this to
> something like [ "root" "@users" ], to disallow (say) system daemons.
>
> --
> Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/
> _______________________________________________
> nix-dev mailing list
> nix-dev at lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>



-- 
Tomasz Czyż
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.science.uu.nl/pipermail/nix-dev/attachments/20170120/ac790456/attachment.html>


More information about the nix-dev mailing list