[Nix-dev] [PATCH] authorized_keys in users.extraUsers

Marc Weber marco-oweber at gmx.de
Tue Oct 18 11:00:25 CEST 2011


Excerpts from Rickard Nilsson's message of Tue Oct 18 07:48:46 +0200 2011:
> As long as authorized_keys isn't world-writeable, there isn't anything
> particularly sensitive about it. If the file exists, the activation
> script should not mess with the owner or permissions. If it doesn't
> exist the owner should be set to the concerned user, and permissions
> to 644. One could also imagine the possibility to specify
> owner/permissions in configuration.nix, but if you go down that road
> it might make more sense to let Nix control authorized_keys
> completely, and make proper builds of it in the store.

Just want to say: I'm glad there is nix-store --check-contents. Running
that I know that everything is still fine (and that I didn't get
hacked). That's why I'd prefer such a check for some user accounts as well.
If the system checks it I don't have to... But generating such a script
doing the check is trivial - so it may be OT.

Marc Weber
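
An added example, not part of the original message or of NixOS: a sketch of the kind of check script the message calls trivial. It verifies that an authorized_keys file is a regular file owned by the expected user, is not world-writable, and still matches a recorded SHA-256 digest. The function name, the return codes and the idea of a separately recorded digest are assumptions of this example.

```shell
#!/bin/sh
# Added example: integrity check for one user's authorized_keys file.
# Return codes (constructed for this example):
#   0 ok, 1 missing or not a regular file, 2 wrong owner,
#   3 world-writable, 4 content differs from the recorded digest

# usage: check_authorized_keys FILE OWNER EXPECTED_SHA256
#   OWNER is a user name or numeric uid; EXPECTED_SHA256 is the digest
#   recorded when the file was last known to be good.
check_authorized_keys() {
    file=$1
    owner=$2
    expected=$3

    # Refuse symlinks and anything that is not a regular file.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "MISSING-OR-NOT-REGULAR $file" >&2
        return 1
    fi
    # find prints the path only when the predicate matches.
    if [ -z "$(find "$file" -prune -user "$owner")" ]; then
        echo "WRONG-OWNER $file" >&2
        return 2
    fi
    if [ -n "$(find "$file" -prune -perm -002)" ]; then
        echo "WORLD-WRITABLE $file" >&2
        return 3
    fi
    # Compare the current content against the recorded digest.
    actual=$(sha256sum < "$file" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "CONTENT-CHANGED $file" >&2
        return 4
    fi
    return 0
}

# Run directly as: script FILE OWNER EXPECTED_SHA256
if [ "$#" -eq 3 ]; then
    check_authorized_keys "$@"
fi
```

The recorded digest has to live somewhere the account being checked cannot write, otherwise whoever changes the keys can change the digest too.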

