diff options
author | Eelco Dolstra <edolstra@gmail.com> | 2017-11-21T17·49+0100 |
---|---|---|
committer | Eelco Dolstra <edolstra@gmail.com> | 2017-11-21T17·49+0100 |
commit | 7536fe31dd8c162026d517521dc49b5d9286bfb1 (patch) | |
tree | 289502f55b4d10ef8e3ee23bae7d251ce1aa0dcd /doc/manual/command-ref/conf-file.xml | |
parent | 4fcf44825fbcfbc46fd6dfe48ea09164aa003647 (diff) |
Add a warning about the 'trusted-users' option
Diffstat (limited to 'doc/manual/command-ref/conf-file.xml')
-rw-r--r-- | doc/manual/command-ref/conf-file.xml | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/doc/manual/command-ref/conf-file.xml b/doc/manual/command-ref/conf-file.xml index 868cca1da409..e52cbcd535e3 100644 --- a/doc/manual/command-ref/conf-file.xml +++ b/doc/manual/command-ref/conf-file.xml @@ -543,11 +543,12 @@ password <replaceable>my-password</replaceable> <literal>wheel</literal> group. The default is <literal>root</literal>.</para> - <warning><para>The users listed here have the ability to - compromise the security of a multi-user Nix store. For instance, - they could install Trojan horses subsequently executed by other - users. So you should consider carefully whether to add users to - this list.</para></warning> + <warning><para>Adding a user to <option>trusted-users</option> + is essentially equivalent to giving that user root access to the + system. For example, the user can set + <option>sandbox-paths</option> and thereby obtain read access to + directories that are otherwise inacessible to + them.</para></warning> </listitem> |