mirror of
https://github.com/NixOS/nix
synced 2025-07-07 22:33:57 +02:00
Consolidate docs
This commit is contained in:
Luc Perkins
parent
daa7f274f5
commit
2b7214197e
2 changed files with 83 additions and 13 deletions
|
|
@ -10,7 +10,7 @@
|
||||||
- [Obtaining a Source Distribution](installation/obtaining-source.md)
|
- [Obtaining a Source Distribution](installation/obtaining-source.md)
|
||||||
- [Building Nix from Source](installation/building-source.md)
|
- [Building Nix from Source](installation/building-source.md)
|
||||||
- [Using Nix within Docker](installation/installing-docker.md)
|
- [Using Nix within Docker](installation/installing-docker.md)
|
||||||
- [Multi-User Mode](installation/multi-user.md)
|
- [Security](installation/nix-security.md)
|
||||||
- [Environment Variables](installation/env-variables.md)
|
- [Environment Variables](installation/env-variables.md)
|
||||||
- [Upgrading Nix](installation/upgrading.md)
|
- [Upgrading Nix](installation/upgrading.md)
|
||||||
- [Uninstalling Nix](installation/uninstall.md)
|
- [Uninstalling Nix](installation/uninstall.md)
|
||||||
|
|
|
||||||
|
|
@ -1,15 +1,85 @@
|
||||||
# Security
|
# Security
|
||||||
|
|
||||||
Nix has two basic security models. First, it can be used in “single-user
|
Nix follows a [**multi-user**](#multi-user-model) security model in which all
|
||||||
mode”, which is similar to what most other package management tools do:
|
users can perform package management operations. Every user can, for example,
|
||||||
there is a single user (typically root) who performs all package
|
install software without requiring root privileges, and Nix ensures that this
|
||||||
management operations. All other users can then use the installed
|
is secure. It's *not* possible for one user to, for example, overwrite a
|
||||||
packages, but they cannot perform package management operations
|
package used by another user with a Trojan horse.
|
||||||
themselves.
|
|
||||||
|
|
||||||
Alternatively, you can configure Nix in “multi-user mode”. In this
|
## Multi-User model
|
||||||
model, all users can perform package management operations — for
|
|
||||||
instance, every user can install software without requiring root
|
To allow a Nix store to be shared safely among multiple users, it is
|
||||||
privileges. Nix ensures that this is secure. For instance, it’s not
|
important that users are not able to run builders that modify the Nix
|
||||||
possible for one user to overwrite a package used by another user with a
|
store or database in arbitrary ways, or that interfere with builds
|
||||||
Trojan horse.
|
started by other users. If they could do so, they could install a Trojan
|
||||||
|
horse in some package and compromise the accounts of other users.
|
||||||
|
|
||||||
|
To prevent this, the Nix store and database are owned by some privileged
|
||||||
|
user (usually `root`) and builders are executed under special user
|
||||||
|
accounts (usually named `nixbld1`, `nixbld2`, etc.). When a unprivileged
|
||||||
|
user runs a Nix command, actions that operate on the Nix store (such as
|
||||||
|
builds) are forwarded to a *Nix daemon* running under the owner of the
|
||||||
|
Nix store/database that performs the operation.
|
||||||
|
|
||||||
|
> **Note**
|
||||||
|
>
|
||||||
|
> Multi-user mode has one important limitation: only root and a set of
|
||||||
|
> trusted users specified in `nix.conf` can specify arbitrary binary
|
||||||
|
> caches. So while unprivileged users may install packages from
|
||||||
|
> arbitrary Nix expressions, they may not get pre-built binaries.
|
||||||
|
|
||||||
|
### Setting up the build users
|
||||||
|
|
||||||
|
The *build users* are the special UIDs under which builds are performed.
|
||||||
|
They should all be members of the *build users group* `nixbld`. This
|
||||||
|
group should have no other members. The build users should not be
|
||||||
|
members of any other group. On Linux, you can create the group and users
|
||||||
|
as follows:
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ groupadd -r nixbld
|
||||||
|
$ for n in $(seq 1 10); do useradd -c "Nix build user $n" \
|
||||||
|
-d /var/empty -g nixbld -G nixbld -M -N -r -s "$(which nologin)" \
|
||||||
|
nixbld$n; done
|
||||||
|
```
|
||||||
|
|
||||||
|
This creates 10 build users. There can never be more concurrent builds
|
||||||
|
than the number of build users, so you may want to increase this if you
|
||||||
|
expect to do many builds at the same time.
|
||||||
|
|
||||||
|
### Running the daemon
|
||||||
|
|
||||||
|
The [Nix daemon](../command-ref/nix-daemon.md) should be started as
|
||||||
|
follows (as `root`):
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ nix-daemon
|
||||||
|
```
|
||||||
|
|
||||||
|
You’ll want to put that line somewhere in your system’s boot scripts.
|
||||||
|
|
||||||
|
To let unprivileged users use the daemon, they should set the
|
||||||
|
[`NIX_REMOTE` environment variable](../command-ref/env-common.md) to
|
||||||
|
`daemon`. So you should put a line like
|
||||||
|
|
||||||
|
```console
|
||||||
|
export NIX_REMOTE=daemon
|
||||||
|
```
|
||||||
|
|
||||||
|
into the users’ login scripts.
|
||||||
|
|
||||||
|
### Restricting access
|
||||||
|
|
||||||
|
To limit which users can perform Nix operations, you can use the
|
||||||
|
permissions on the directory `/nix/var/nix/daemon-socket`. For instance,
|
||||||
|
if you want to restrict the use of Nix to the members of a group called
|
||||||
|
`nix-users`, do
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ chgrp nix-users /nix/var/nix/daemon-socket
|
||||||
|
$ chmod ug=rwx,o= /nix/var/nix/daemon-socket
|
||||||
|
```
|
||||||
|
|
||||||
|
This way, users who are not in the `nix-users` group cannot connect to
|
||||||
|
the Unix domain socket `/nix/var/nix/daemon-socket/socket`, so they
|
||||||
|
cannot perform Nix operations.
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue