summary refs log tree commit diff
path: root/doc
diff options
context:
space:
mode:
authorEelco Dolstra <eelco.dolstra@logicblox.com>2013-11-14 11:57:37 +0100
committerEelco Dolstra <eelco.dolstra@logicblox.com>2013-11-14 11:57:37 +0100
commita478e8a7bb8c24da0ac91b7100bd0e422035c62f (patch)
tree238363db5630470775389033e88559bce83cb66c /doc
parent89e6781cc5885cbf6284a51c0403dded62ce8bc0 (diff)
downloadguix-a478e8a7bb8c24da0ac91b7100bd0e422035c62f.tar.gz
Remove nix-setuid-helper
AFAIK, nobody uses it, it's not maintained, and it has no tests.
Diffstat (limited to 'doc')
-rw-r--r--doc/manual/installation.xml78
-rw-r--r--doc/manual/release-notes.xml16
2 files changed, 18 insertions, 76 deletions
diff --git a/doc/manual/installation.xml b/doc/manual/installation.xml
index 9d1a7e755c..a136d3b112 100644
--- a/doc/manual/installation.xml
+++ b/doc/manual/installation.xml
@@ -380,7 +380,7 @@ group should be the build users group, and it should have the sticky
 bit turned on (like <filename>/tmp</filename>):
 
 <screen>
-$ chgrp nixbld /nix/store
+$ chown root.nixbld /nix/store
 $ chmod 1775 /nix/store
 </screen>
 
@@ -401,15 +401,7 @@ build-users-group = nixbld
 </section>
 
 
-<section><title>Nix store/database owned by root</title>
-
-<para>The simplest setup is to let <literal>root</literal> own the Nix
-store and database.  I.e.,
-
-<screen>
-$ chown -R root /nix/store /nix/var/nix</screen>
-
-</para>
+<section><title>Running the daemon</title>
 
 <para>The <link linkend="sec-nix-daemon">Nix daemon</link> should be
 started as follows (as <literal>root</literal>):
@@ -433,72 +425,6 @@ into the users’ login scripts.</para>
 </section>
 
 
-<section><title>Nix store/database not owned by root</title>
-
-<para>It is also possible to let the Nix store and database be owned
-by a non-root user, which should be more secure<footnote><para>Note
-however that even when the Nix daemon runs as root, not
-<emphasis>that</emphasis> much code is executed as root: Nix
-expression evaluation is performed by the calling (unprivileged) user,
-and builds are performed under the special build user accounts.  So
-only the code that accesses the database and starts builds is executed
-as <literal>root</literal>.</para></footnote>.  Typically, this user
-is a special account called <literal>nix</literal>, but it can be
-named anything.  It should own the Nix store and database:
-
-<screen>
-$ chown -R nix /nix/store /nix/var/nix</screen>
-
-and of course <command>nix-daemon</command> should be started under
-that user, e.g.,
-
-<screen>
-$ su - nix -c "exec /nix/bin/nix-daemon"</screen>
-
-</para>
-
-<para>There is a catch, though: non-<literal>root</literal> users
-cannot start builds under the build user accounts, since the
-<function>setuid</function> system call is obviously privileged.  To
-allow a non-<literal>root</literal> Nix daemon to use the build user
-feature, it calls a setuid-root helper program,
-<command>nix-setuid-helper</command>.  This program is installed in
-<filename><replaceable>prefix</replaceable>/libexec/nix-setuid-helper</filename>.
-To set the permissions properly (Nix’s <command>make install</command>
-doesn’t do this, since we don’t want to ship setuid-root programs
-out-of-the-box):
-
-<screen>
-$ chown root.root /nix/libexec/nix-setuid-helper
-$ chmod 4755 /nix/libexec/nix-setuid-helper
-</screen>
-
-(This example assumes that the Nix binaries are installed in
-<filename>/nix</filename>.)</para>
-
-<para>Of course, the <command>nix-setuid-helper</command> command
-should not be usable by just anybody, since then anybody could run
-commands under the Nix build user accounts.  For that reason there is
-a configuration file <filename>/etc/nix-setuid.conf</filename> that
-restricts the use of the helper.  This file should be a text file
-containing precisely two lines, the first being the Nix daemon user
-and the second being the build users group, e.g.,
-
-<programlisting>
-nix
-nixbld
-</programlisting>
-
-The setuid-helper barfs if it is called by a user other than the one
-specified on the first line, or if it is asked to execute a build
-under a user who is not a member of the group specified on the second
-line.  The file <filename>/etc/nix-setuid.conf</filename> must be
-owned by root, and must not be group- or world-writable.  The
-setuid-helper barfs if this is not the case.</para>
-
-</section>
-
-
 <section><title>Restricting access</title>
 
 <para>To limit which users can perform Nix operations, you can use the
diff --git a/doc/manual/release-notes.xml b/doc/manual/release-notes.xml
index 5d057881db..3db0838704 100644
--- a/doc/manual/release-notes.xml
+++ b/doc/manual/release-notes.xml
@@ -7,6 +7,22 @@
 
 <!--==================================================================-->
 
+<section xml:id="ssec-relnotes-1.7"><title>Release 1.7 (TBA)</title>
+
+<para>This release has the following changes:</para>
+
+<itemizedlist>
+
+  <listitem><para><command>nix-setuid-helper</command> is
+  gone.</para></listitem>
+
+</itemizedlist>
+
+</section>
+
+
+<!--==================================================================-->
+
 <section xml:id="ssec-relnotes-1.6.1"><title>Release 1.6.1 (October 28, 2013)</title>
 
 <para>This is primarily a bug fix release.  Changes of interest