about summary refs log tree commit diff
path: root/third_party/nix/doc/manual/installation/nix-security.xml
blob: d888ff14d457982b592788619f4249d9929d6b12 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
<chapter xmlns="http://docbook.org/ns/docbook"
      xmlns:xlink="http://www.w3.org/1999/xlink"
      xmlns:xi="http://www.w3.org/2001/XInclude"
      version="5.0"
      xml:id="ch-nix-security">

<title>Security</title>

<para>Nix has two basic security models.  First, it can be used in
“single-user mode”, which is similar to what most other package
management tools do: there is a single user (typically <systemitem
class="username">root</systemitem>) who performs all package
management operations.  All other users can then use the installed
packages, but they cannot perform package management operations
themselves.</para>

<para>Alternatively, you can configure Nix in “multi-user mode”.  In
this model, all users can perform package management operations — for
instance, every user can install software without requiring root
privileges.  Nix ensures that this is secure.  For instance, it’s not
possible for one user to overwrite a package used by another user with
a Trojan horse.</para>

<xi:include href="single-user.xml" />
<xi:include href="multi-user.xml" />

</chapter>