[Nix-dev] [PATCH] authorized_keys in users.extraUsers

Rickard Nilsson rickard.nilsson at telia.com
Tue Oct 18 07:48:46 CEST 2011


Hi Marc,

On 2011-10-18 01:08:52, Marc Weber <marco-oweber at gmx.de> wrote:

> How does it work? I mean if you drop files from configuration.nix,
> will they be removed from the authorized file again?

The straightforward way to handle it is to write all Nix-generated
keys at the end of the file, marked by some "DO NOT EDIT" comment.
Then Nix can replace that whole section on activation.


> Because authorized keys is a very sensitive file - should there be a
> cron-job checking its contents and permissions on a regular basis?

As long as authorized_keys isn't world-writeable, there isn't anything
particularly sensitive about it. If the file exists, the activation
script should not mess with the owner or permissions. If it doesn't
exist the owner should be set to the concerned user, and permissions
to 644. One could also imagine the possibility to specify
owner/permissions in configuration.nix, but if you go down that road
it might make more sense to let Nix control authorized_keys
completely, and make proper builds of it in the store.

   / Rickard
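
The managed-section approach described in this message, sketched as a shell function. This is an added example, not code from the patch or from NixOS; the marker text, the function name `sync_managed_keys` and the key strings used with it are assumptions. Everything from the marker line to the end of the file is rewritten, an existing file keeps its owner and mode, and a missing file is created with mode 644.

```shell
#!/bin/sh
# Added example; the marker text and function name are hypothetical.
MARKER='# DO NOT EDIT BELOW THIS LINE: managed section, rewritten on activation'

# sync_managed_keys FILE USER KEYS
#   KEYS: newline-separated public keys from the configuration (may be empty).
sync_managed_keys() {
    file=$1 user=$2 keys=$3
    tmp=$(mktemp) || return 1

    if [ -e "$file" ]; then
        # Keep only the hand-maintained lines above the marker.
        awk -v m="$MARKER" '$0 == m { exit } { print }' "$file" > "$tmp"
    else
        # New file: owned by the concerned user, mode 644.
        ( umask 077; : > "$file" ) || { rm -f "$tmp"; return 1; }
        # chown needs root, which is assumed for an activation script.
        if [ "$(id -u)" -eq 0 ]; then chown "$user" "$file"; fi
        chmod 644 "$file"
    fi

    # Keys dropped from the configuration disappear here, because the
    # section is rebuilt from scratch; no keys means no section at all.
    if [ -n "$keys" ]; then
        printf '%s\n%s\n' "$MARKER" "$keys" >> "$tmp"
    fi

    # Overwrite in place (not mv) so an existing file keeps its inode,
    # owner and permissions.
    cat "$tmp" > "$file"
    status=$?
    rm -f "$tmp"
    return $status
}
```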
