Add a warning about the 'trusted-users' option

This commit is contained in:
Eelco Dolstra 2017-11-21 18:49:52 +01:00
parent 4fcf44825f
commit 7536fe31dd
No known key found for this signature in database
GPG key ID: 8170B4726D7198DE

View file

@ -543,11 +543,12 @@ password <replaceable>my-password</replaceable>
<literal>wheel</literal> group. The default is <literal>wheel</literal> group. The default is
<literal>root</literal>.</para> <literal>root</literal>.</para>
<warning><para>The users listed here have the ability to <warning><para>Adding a user to <option>trusted-users</option>
compromise the security of a multi-user Nix store. For instance, is essentially equivalent to giving that user root access to the
they could install Trojan horses subsequently executed by other system. For example, the user can set
users. So you should consider carefully whether to add users to <option>sandbox-paths</option> and thereby obtain read access to
this list.</para></warning> directories that are otherwise inacessible to
them.</para></warning>
</listitem> </listitem>