From 7536fe31dd8c162026d517521dc49b5d9286bfb1 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <edolstra@gmail.com>
Date: Tue, 21 Nov 2017 18:49:52 +0100
Subject: Add a warning about the 'trusted-users' option

---
 doc/manual/command-ref/conf-file.xml | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

(limited to 'doc/manual/command-ref/conf-file.xml')

diff --git a/doc/manual/command-ref/conf-file.xml b/doc/manual/command-ref/conf-file.xml
index 868cca1da409..e52cbcd535e3 100644
--- a/doc/manual/command-ref/conf-file.xml
+++ b/doc/manual/command-ref/conf-file.xml
@@ -543,11 +543,12 @@ password <replaceable>my-password</replaceable>
       <literal>wheel</literal> group. The default is
       <literal>root</literal>.</para>
 
-      <warning><para>The users listed here have the ability to
-      compromise the security of a multi-user Nix store. For instance,
-      they could install Trojan horses subsequently executed by other
-      users. So you should consider carefully whether to add users to
-      this list.</para></warning>
+      <warning><para>Adding a user to <option>trusted-users</option>
+      is essentially equivalent to giving that user root access to the
+      system. For example, the user can set
+      <option>sandbox-paths</option> and thereby obtain read access to
+      directories that are otherwise inacessible to
+      them.</para></warning>
 
     </listitem>
 
-- 
cgit 1.4.1