From 049c0eb49c621ae50f49c8a06dc6c3a9839ef388 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 17 Jul 2014 16:57:07 +0200 Subject: nix-daemon: Add trusted-users and allowed-users options MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ‘trusted-users’ is a list of users and groups that have elevated rights, such as the ability to specify binary caches. It defaults to ‘root’. A typical value would be ‘@wheel’ to specify all users in the wheel group. ‘allowed-users’ is a list of users and groups that are allowed to connect to the daemon. It defaults to ‘*’. A typical value would be ‘@users’ to specify the ‘users’ group. --- src/libstore/globals.cc | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'src/libstore/globals.cc') diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc index 60bc1dba13ff..2bfebb77a130 100644 --- a/src/libstore/globals.cc +++ b/src/libstore/globals.cc @@ -63,6 +63,8 @@ Settings::Settings() lockCPU = getEnv("NIX_AFFINITY_HACK", "1") == "1"; showTrace = false; enableImportNative = false; + trustedUsers = Strings({"root"}); + allowedUsers = Strings({"*"}); } @@ -152,6 +154,8 @@ void Settings::update() get(logServers, "log-servers"); get(enableImportNative, "allow-unsafe-native-code-during-evaluation"); get(useCaseHack, "use-case-hack"); + get(trustedUsers, "trusted-users"); + get(allowedUsers, "allowed-users"); string subs = getEnv("NIX_SUBSTITUTERS", "default"); if (subs == "default") { -- cgit 1.4.1