mirror of
https://github.com/NixOS/nix
synced 2024-09-20 11:11:03 -04:00
0d65fc08e2
(/nix/var/nix/daemon-socket). This allows access to the Nix daemon
to be restricted by setting the mode/ownership on that directory as
desired, e.g.
$ chmod 770 /nix/var/nix/daemon-socket
$ chown root.wheel /nix/var/nix/daemon-socket
to allow only users in the wheel group to use Nix.
Setting the ownership on a socket is much trickier, since the socket
must be deleted and recreated every time the daemon is started
(which would require additional Nix configuration file directives to
specify the mode/ownership, and wouldn't support arbitrary ACLs),
some BSD variants appear to ignore permissions on sockets, and it's
not clear whether the umask is respected on every platform when
creating sockets.
|
||
|---|---|---|
| .. | ||
| build.cc | ||
| db.cc | ||
| db.hh | ||
| derivations-ast.def | ||
| derivations.cc | ||
| derivations.hh | ||
| gc.cc | ||
| globals.cc | ||
| globals.hh | ||
| local-store.cc | ||
| local-store.hh | ||
| Makefile.am | ||
| misc.cc | ||
| misc.hh | ||
| pathlocks.cc | ||
| pathlocks.hh | ||
| references.cc | ||
| references.hh | ||
| remote-store.cc | ||
| remote-store.hh | ||
| store-api.cc | ||
| store-api.hh | ||
| worker-protocol.hh | ||