about summary refs log tree commit diff
path: root/doc/manual
diff options
context:
space:
mode:
Diffstat (limited to 'doc/manual')
-rw-r--r--doc/manual/installation.xml61
1 files changed, 12 insertions, 49 deletions
diff --git a/doc/manual/installation.xml b/doc/manual/installation.xml
index a7140910604f..423bef5e22a8 100644
--- a/doc/manual/installation.xml
+++ b/doc/manual/installation.xml
@@ -308,7 +308,7 @@ a Trojan horse.</para>
 
 
 <section><title>Single-user mode</title>
-  
+
 <para>In single-user mode, all Nix operations that access the database
 in <filename><replaceable>prefix</replaceable>/var/nix/db</filename>
 or modify the Nix store in
@@ -354,58 +354,21 @@ done by <systemitem class="username">root</systemitem>.</para></note>
 
 <para>The <emphasis>build users</emphasis> are the special UIDs under
 which builds are performed.  They should all be members of the
-<emphasis>build users group</emphasis> (usually called
-<literal>nixbld</literal>).  This group should have no other members.
-The build users should not be members of any other group.</para>
-
-<para>Here is a typical <filename>/etc/group</filename> definition of
-the build users group with 10 build users:
-
-<programlisting>
-nixbld:!:30000:nixbld1,nixbld2,nixbld3,nixbld4,nixbld5,nixbld6,nixbld7,nixbld8,nixbld9,nixbld10
-</programlisting>
-
-In this example the <literal>nixbld</literal> group has UID 30000, but
-of course it can be anything that doesn’t collide with an existing
-group.</para>
-
-<para>Here is the corresponding part of
-<filename>/etc/passwd</filename>:
-
-<programlisting>
-nixbld1:x:30001:65534:Nix build user 1:/var/empty:/noshell
-nixbld2:x:30002:65534:Nix build user 2:/var/empty:/noshell
-nixbld3:x:30003:65534:Nix build user 3:/var/empty:/noshell
-...
-nixbld10:x:30010:65534:Nix build user 10:/var/empty:/noshell
-</programlisting>
-
-The home directory of the build users should not exist or should be an
-empty directory to which they do not have write access.</para>
-
-<para>The build users should have write access to the Nix store, but
-they should not have the right to delete files.  Thus the Nix store’s
-group should be the build users group, and it should have the sticky
-bit turned on (like <filename>/tmp</filename>):
+<emphasis>build users group</emphasis> <literal>nixbld</literal>.
+This group should have no other members.  The build users should not
+be members of any other group. On Linux, you can create the group and
+users as follows:
 
 <screen>
-$ chown root.nixbld /nix/store
-$ chmod 1775 /nix/store
+$ groupadd -r nixbld
+$ for n in $(seq 1 10); do useradd -c "Nix build user $n" \
+    -d /var/empty -g nixbld -G nixbld -M -N -r -s "$(which nologin)" \
+    nixbld$n; done
 </screen>
 
-</para>
-
-<para>Finally, you should tell Nix to use the build users by
-specifying the build users group in the <link
-linkend="conf-build-users-group"><literal>build-users-group</literal>
-option</link> in the <link linkend="sec-conf-file">Nix configuration
-file</link> (usually <literal>/etc/nix/nix.conf</literal>):
-
-<programlisting>
-build-users-group = nixbld
-</programlisting>
-
-</para>
+This creates 10 build users. There can never be more concurrent builds
+than the number of build users, so you may want to increase this if
+you expect to do many builds at the same time.</para>
 
 </section>