nix-daemon: Add trusted-users and allowed-users options

‘trusted-users’ is a list of users and groups that have elevated rights, such as the ability to specify binary caches. It defaults to ‘root’. A typical value would be ‘@wheel’ to specify all users in the wheel group. ‘allowed-users’ is a list of users and groups that are allowed to connect to the daemon. It defaults to ‘*’. A typical value would be ‘@users’ to specify the ‘users’ group.
author: Eelco Dolstra <eelco.dolstra@logicblox.com> 2014-07-17T14·57+0200
committer: Eelco Dolstra <eelco.dolstra@logicblox.com> 2014-07-17T14·57+0200
commit: 049c0eb49c621ae50f49c8a06dc6c3a9839ef388 (patch)
tree: 63c0f299510adda0e21c7d323917eefcd5e1f6ce /src/libstore/globals.cc
parent: 0c730887c4ec4a03fb854490e422c134a1bf8139 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc
index 60bc1dba13ff..2bfebb77a130 100644
--- a/src/libstore/globals.cc
+++ b/src/libstore/globals.cc
@@ -63,6 +63,8 @@ Settings::Settings()
     lockCPU = getEnv("NIX_AFFINITY_HACK", "1") == "1";
     showTrace = false;
     enableImportNative = false;
+    trustedUsers = Strings({"root"});
+    allowedUsers = Strings({"*"});
 }
 
 
@@ -152,6 +154,8 @@ void Settings::update()
     get(logServers, "log-servers");
     get(enableImportNative, "allow-unsafe-native-code-during-evaluation");
     get(useCaseHack, "use-case-hack");
+    get(trustedUsers, "trusted-users");
+    get(allowedUsers, "allowed-users");
 
     string subs = getEnv("NIX_SUBSTITUTERS", "default");
     if (subs == "default") {
author	Eelco Dolstra <eelco.dolstra@logicblox.com>	2014-07-17T14·57+0200
committer	Eelco Dolstra <eelco.dolstra@logicblox.com>	2014-07-17T14·57+0200
commit	049c0eb49c621ae50f49c8a06dc6c3a9839ef388 (patch)
tree	63c0f299510adda0e21c7d323917eefcd5e1f6ce /src/libstore/globals.cc
parent	0c730887c4ec4a03fb854490e422c134a1bf8139 (diff)