46/64: Simplify multi-user installation instructions
From: Ludovic Courtès
Subject: 46/64: Simplify multi-user installation instructions
Date: Mon, 05 Jan 2015 16:39:07 +0000
civodul pushed a commit to branch nix
in repository guix.
commit a8c31d501185c42de477a7e833af956d68e095c3
Author: Eelco Dolstra <address@hidden>
Date: Fri May 2 14:44:44 2014 +0200
Simplify multi-user installation instructions
---
doc/manual/installation.xml | 61 ++++++++----------------------------------
1 files changed, 12 insertions(+), 49 deletions(-)
diff --git a/doc/manual/installation.xml b/doc/manual/installation.xml
index a714091..423bef5 100644
--- a/doc/manual/installation.xml
+++ b/doc/manual/installation.xml
@@ -308,7 +308,7 @@ a Trojan horse.</para>
<section><title>Single-user mode</title>
-
+
<para>In single-user mode, all Nix operations that access the database
in <filename><replaceable>prefix</replaceable>/var/nix/db</filename>
or modify the Nix store in
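Review bot: The only change in this hunk is the -/+ pair of blank-looking lines after <section><title>Single-user mode</title>, a whitespace-only edit unrelated to the multi-user instructions. Consider dropping it from this commit or moving it to a separate whitespace cleanup so the diff stays limited to the documentation change.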
@@ -354,58 +354,21 @@ done by <systemitem
class="username">root</systemitem>.</para></note>
<para>The <emphasis>build users</emphasis> are the special UIDs under
which builds are performed. They should all be members of the
-<emphasis>build users group</emphasis> (usually called
-<literal>nixbld</literal>). This group should have no other members.
-The build users should not be members of any other group.</para>
-
-<para>Here is a typical <filename>/etc/group</filename> definition of
-the build users group with 10 build users:
-
-<programlisting>
-nixbld:!:30000:nixbld1,nixbld2,nixbld3,nixbld4,nixbld5,nixbld6,nixbld7,nixbld8,nixbld9,nixbld10
-</programlisting>
-
-In this example the <literal>nixbld</literal> group has UID 30000, but
-of course it can be anything that doesn’t collide with an existing
-group.</para>
-
-<para>Here is the corresponding part of
-<filename>/etc/passwd</filename>:
-
-<programlisting>
-nixbld1:x:30001:65534:Nix build user 1:/var/empty:/noshell
-nixbld2:x:30002:65534:Nix build user 2:/var/empty:/noshell
-nixbld3:x:30003:65534:Nix build user 3:/var/empty:/noshell
-...
-nixbld10:x:30010:65534:Nix build user 10:/var/empty:/noshell
-</programlisting>
-
-The home directory of the build users should not exist or should be an
-empty directory to which they do not have write access.</para>
-
-<para>The build users should have write access to the Nix store, but
-they should not have the right to delete files. Thus the Nix store’s
-group should be the build users group, and it should have the sticky
-bit turned on (like <filename>/tmp</filename>):
+<emphasis>build users group</emphasis> <literal>nixbld</literal>.
+This group should have no other members. The build users should not
+be members of any other group. On Linux, you can create the group and
+users as follows:
<screen>
-$ chown root.nixbld /nix/store
-$ chmod 1775 /nix/store
+$ groupadd -r nixbld
+$ for n in $(seq 1 10); do useradd -c "Nix build user $n" \
+ -d /var/empty -g nixbld -G nixbld -M -N -r -s "$(which nologin)" \
+ nixbld$n; done
</screen>
-</para>
-
-<para>Finally, you should tell Nix to use the build users by
-specifying the build users group in the <link
-linkend="conf-build-users-group"><literal>build-users-group</literal>
-option</link> in the <link linkend="sec-conf-file">Nix configuration
-file</link> (usually <literal>/etc/nix/nix.conf</literal>):
-
-<programlisting>
-build-users-group = nixbld
-</programlisting>
-
-</para>
+This creates 10 build users. There can never be more concurrent builds
+than the number of build users, so you may want to increase this if
+you expect to do many builds at the same time.</para>
</section>
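Review bot: The removed lines at the end of this hunk drop the store ownership step (chown root.nixbld /nix/store, chmod 1775 /nix/store) and the build-users-group = nixbld setting, and the new paragraph does not say what replaces them. If the installation now sets these up itself, a sentence stating that would keep a reader from ending up with a store that lacks the sticky bit or with build users that Nix is not configured to use; otherwise the two steps should stay. In the added useradd loop, -s "$(which nologin)" passes an empty string when nologin is not on root's PATH, so the shell field is not guaranteed to be a non-login shell; checking the result of which first, or naming the path explicitly, would be safer. It would also help to say why both -g nixbld and -G nixbld are given, since they look redundant as written.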