diff options
author | Eelco Dolstra <e.dolstra@tudelft.nl> | 2007-08-30T09·50+0000 |
---|---|---|
committer | Eelco Dolstra <e.dolstra@tudelft.nl> | 2007-08-30T09·50+0000 |
commit | 0d65fc08e2f7e69976ab91271024a87dbeef380d (patch) | |
tree | 8276ec01bd428d3be6422eb71e25ed8dec247ae1 /src/libstore | |
parent | cb1c1004cdd582abe67146ab3904bd88de3a1d4e (diff) |
* Create the Nix daemon socket in a separate directory
(/nix/var/nix/daemon-socket). This allows access to the Nix daemon to be restricted by setting the mode/ownership on that directory as desired, e.g. $ chmod 770 /nix/var/nix/daemon-socket $ chown root.wheel /nix/var/nix/daemon-socket to allow only users in the wheel group to use Nix. Setting the ownership on a socket is much trickier, since the socket must be deleted and recreated every time the daemon is started (which would require additional Nix configuration file directives to specify the mode/ownership, and wouldn't support arbitrary ACLs), some BSD variants appear to ignore permissions on sockets, and it's not clear whether the umask is respected on every platform when creating sockets.
Diffstat (limited to 'src/libstore')
-rw-r--r-- | src/libstore/worker-protocol.hh | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/src/libstore/worker-protocol.hh b/src/libstore/worker-protocol.hh index 56d03af55be3..f3b63151dbfb 100644 --- a/src/libstore/worker-protocol.hh +++ b/src/libstore/worker-protocol.hh @@ -38,9 +38,12 @@ typedef enum { #define STDERR_ERROR 0x63787470 -/* The default location of the daemon socket, relative to - nixStateDir. */ -#define DEFAULT_SOCKET_PATH "/daemon.socket" +/* The default location of the daemon socket, relative to nixStateDir. + The socket is in a directory to allow you to control access to the + Nix daemon by setting the mode/ownership of the directory + appropriately. (This wouldn't work on the socket itself since it + must be deleted and recreated on startup.) */ +#define DEFAULT_SOCKET_PATH "/daemon-socket/socket" Path readStorePath(Source & from); |