diff --git a/nix.conf.example b/nix.conf.example
index fcdf6fccd9..e2735d1807 100644
--- a/nix.conf.example
+++ b/nix.conf.example
@@ -47,3 +47,34 @@ gc-keep-derivations = true
 # while this option was enabled, while `gc-keep-derivations' only
 # applies at the moment the garbage collector is run.
 env-keep-derivations = false
+
+
+### Option `build-allow-root'
+#
+# This option controls Nix's behaviour when it is invoked under the
+# `root' user (or setuid-root). If `true' (default), builds are
+# performed under the `root' user. If `false', builds are performed
+# under one of the users listed in the `build-users' option (see
+# below).
+build-allow-root = true
+
+
+### Option `build-users'
+#
+# This option is only applicable if `build-allow-root' is `false' and
+# Nix is invoked under the `root' user (or setuid-root). It contains
+# a list of user names under which Nix can execute builds. Builds
+# cannot be performed by root since that would allow users to take
+# over the system by supplying specially crafted builders; and they
+# cannot be performed by the calling user since that would allow
+# him/her to influence the build result.
+#
+# Thus this list should contain a number of `special' user accounts
+# created specifically for Nix, e.g., `nix-builder-1',
+# `nix-builder-2', and so on. The more users the better, since at
+# most a number of builds equal to the number of build users can be
+# started.
+#
+# Example:
+# build-users = nix-builder-1 nix-builder-2 nix-builder-3
+build-users =
diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc
index 4387c8acc2..8cbae54e20 100644
--- a/src/libstore/globals.cc
+++ b/src/libstore/globals.cc
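Review bot: The line `build-allow-root = true` ships the permissive setting as the default, although the build-users text later in this same hunk says root builds let users take over the system by supplying specially crafted builders. The same default is hard-coded as `bool buildAllowRoot = true;` in the src/libstore/globals.cc hunk, so an installation without the option set presumably also builds as root. The build-allow-root comment should state that risk where the option is set, for example `# On a setuid-root or multi-user installation set this to false and fill in build-users; otherwise any user's builder runs as root.` Whether the default itself should flip to false depends on code that is not visible in this diff.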
@@ -11,16 +11,13 @@ string nixDBPath = "/UNINIT"; string nixConfDir = "/UNINIT"; bool keepFailed = false; - bool keepGoing = false; - bool tryFallback = false; - Verbosity buildVerbosity = lvlInfo; - unsigned int maxBuildJobs = 1; - bool readOnlyMode = false; +bool buildAllowRoot = true; +list buildUsers; static bool settingsRead = false; diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh index e2ae2ed655..327b1bbc3d 100644 --- a/src/libstore/globals.hh +++ b/src/libstore/globals.hh @@ -2,6 +2,7 @@ #define __GLOBALS_H #include +#include #include "util.hh" using namespace std; @@ -52,6 +53,15 @@ extern unsigned int maxBuildJobs; database. */ extern bool readOnlyMode; +/* Whether to allow builds by root. Corresponds to the + `build-allow-root' configuration option. */ +extern bool buildAllowRoot; + +/* The list of users under which root-initiated builds can be + performed. Correspons to the `build-users' configuration + option. */ +extern list buildUsers; + string querySetting(const string & name, const string & def);
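Review bot: The comment on `buildUsers` in the second globals.hh hunk does not say what an empty list means when `buildAllowRoot` is false, and the shipped nix.conf.example leaves `build-users =` empty. The fail-closed expectation belongs at the declaration, for example `If empty while buildAllowRoot is false, a root-initiated build must be refused, never run as root.` The code that consumes these two globals is not part of this diff, so the current behaviour cannot be confirmed from here. The same comment has a typo, "Correspons" for "Corresponds".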