[Nix-dev] Is it possible to limit nix access to sudoers and/or a group?
Eelco Dolstra
eelco.dolstra at logicblox.com
Fri Jan 20 13:07:40 CET 2017
Hi,
On 01/20/2017 03:15 AM, Mateusz Czaplinski wrote:
> I'd like to build a system where regular users cannot access nix
> commands, daemon, etc. Ideally, only users belonging to a particular
> group could access those. (Probably worse solution, but still
> acceptable, if this was limited to sudoers only.)
>
> Is it possible? If yes, how to do that on NixOS?
Yes, by setting allowed-users in nix.conf, or nix.allowedUsers in the NixOS
configuration, e.g.

    nix.allowedUsers = [ "@wheel" ];

The default is "*". I've been thinking that it might be good to tighten this to
something like [ "root" "@users" ], to disallow (say) system daemons.
--
Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/
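
An added example, not part of the original message or of Nix itself: a small audit that reads nix.conf text and reports which accounts an allowed-users value admits, using the matching described above ("*", a user name, or "@group"). The account names, group memberships and sample nix.conf contents are constructed, and the parser assumes plain "key = value" lines with "#" comments; it does not model trusted-users or included files.

```python
"""Audit which accounts a nix.conf allowed-users value admits (added example)."""


def parse_allowed_users(conf_text):
    """Return the allowed-users list from nix.conf text, or ["*"] if unset."""
    allowed = ["*"]  # default stated in the message above
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "allowed-users":
            allowed = value.split()  # a later assignment replaces an earlier one
    return allowed


def is_allowed(user, groups, allowed):
    """Match one account against the list: "*", its user name, or "@group"."""
    for entry in allowed:
        if entry == "*" or entry == user:
            return True
        if entry.startswith("@") and entry[1:] in groups:
            return True
    return False


def audit(conf_text, accounts):
    """Map each account name to True (may use the daemon) or False."""
    allowed = parse_allowed_users(conf_text)
    return {name: is_allowed(name, groups, allowed)
            for name, groups in accounts.items()}


# Constructed sample accounts: name -> set of groups the account belongs to.
ACCOUNTS = {
    "alice": {"users", "wheel"},   # administrator
    "bob": {"users"},              # regular user
    "nginx": {"nginx"},            # system daemon account
}

# Constructed nix.conf contents for the three cases discussed in the thread.
DEFAULT_CONF = "# allowed-users not set\n"
WHEEL_CONF = "allowed-users = @wheel\n"
TIGHTER_CONF = "allowed-users = root @users  # excludes system daemons\n"

if __name__ == "__main__":
    for label, conf in [("default", DEFAULT_CONF), ("wheel", WHEEL_CONF),
                        ("tighter", TIGHTER_CONF)]:
        print(label, audit(conf, ACCOUNTS))
```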