about summary refs log tree commit diff
path: root/src/libstore
diff options
context:
space:
mode:
Diffstat (limited to 'src/libstore')
-rw-r--r--src/libstore/globals.cc4
-rw-r--r--src/libstore/globals.hh9
2 files changed, 13 insertions, 0 deletions
diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc
index 60bc1dba13ff..2bfebb77a130 100644
--- a/src/libstore/globals.cc
+++ b/src/libstore/globals.cc
@@ -63,6 +63,8 @@ Settings::Settings()
     lockCPU = getEnv("NIX_AFFINITY_HACK", "1") == "1";
     showTrace = false;
     enableImportNative = false;
+    trustedUsers = Strings({"root"});
+    allowedUsers = Strings({"*"});
 }
 
 
@@ -152,6 +154,8 @@ void Settings::update()
     get(logServers, "log-servers");
     get(enableImportNative, "allow-unsafe-native-code-during-evaluation");
     get(useCaseHack, "use-case-hack");
+    get(trustedUsers, "trusted-users");
+    get(allowedUsers, "allowed-users");
 
     string subs = getEnv("NIX_SUBSTITUTERS", "default");
     if (subs == "default") {
diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh
index 8dd59a9c7967..f1748336fdac 100644
--- a/src/libstore/globals.hh
+++ b/src/libstore/globals.hh
@@ -203,6 +203,15 @@ struct Settings {
     /* Whether the importNative primop should be enabled */
     bool enableImportNative;
 
+    /* List of users that have elevated rights in the Nix daemon, such
+       as the ability to specify additional binary caches, or to
+       import unsigned NARs. */
+    Strings trustedUsers;
+
+    /* List of users that are allowed to connect to the daemon, in
+       addition to the trusted users. These have normal rights. */
+    Strings allowedUsers;
+
 private:
     SettingsMap settings, overrides;
generated by cgit-pink 1.4.1 (git 2.44.2) at 2024-10-21T12ยท42+0000