about summary refs log tree commit diff
path: root/doc/manual/installation.xml
diff options
context:
space:
mode:
Diffstat (limited to 'doc/manual/installation.xml')
-rw-r--r--doc/manual/installation.xml15
1 files changed, 15 insertions, 0 deletions
diff --git a/doc/manual/installation.xml b/doc/manual/installation.xml
index 9d80351298b1..b6cc6e7f9bbd 100644
--- a/doc/manual/installation.xml
+++ b/doc/manual/installation.xml
@@ -205,6 +205,21 @@ on systems that have the <function>setresuid()</function> system call
 (such as Linux and FreeBSD), so on those systems the binaries are
 simply owned by the Nix user.</para></warning>
 
+
+
+<!--
+
+warning: the nix-builders group should contain *only* the Nix
+builders, and nothing else.  If the Nix account is compromised, you
+can execute programs under the accounts in the nix-builders group, so
+it obviously shouldn’t contain any “real” user accounts.  So don’t use
+an existing group like <literal>users</literal> — just create a new
+one.
+
+-->
+
+
+
 </section>
 
 </section>