Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move trustedUsers and allowedUsers to separate config struct #7739

Merged
merged 1 commit into from
Feb 3, 2023
Merged

Move trustedUsers and allowedUsers to separate config struct #7739

merged 1 commit into from
Feb 3, 2023

Conversation

Ericson2314
Copy link
Member

Motivation

These settings are not needed for libstore at all, they are just used by the nix daemon command for authorization on unix domain sockets. My moving them to a new configuration struct just in that file, we avoid them leaking anywhere else.

Also, it is good to break up the mammoth Settings struct in general. Issue #5638 tracks this.

Context

The message is not changed because I do not want to regress in convenience to the user. Just saying "this connection is not trusted" doesn't tell them out to fix the issue. The ideal thing to do would be to somehow parameterize processCommand on how the error should be displayed, so different sorts of connections can display different information to the user based on how authentication is performed for the connection in question. This, however, is a good bit more work, so it is left for the future.

This came up with me thinking about the tcp:// store (#5265). The larger project is not TCP per se, but the idea that it should be possible for something else to manage access control to services like the Nix Daemon, and those services simply trust or trust the incoming connection as they are told. This is a more capability-oriented way of thinking about trust than "every server implements its own auth separately" as we are used to today.

Its very great that libstore itself already implements just this model, and so via this refactor I basically want to "enshrine" that so it continues to be the case.

Checklist for maintainers

Maintainers: tick if completed or explain if not relevant

  • agreed on idea
  • agreed on implementation strategy
  • tests, as appropriate
    • functional tests - tests/**.sh
    • unit tests - src/*/tests
    • integration tests - tests/nixos/*
  • documentation in the manual
  • code and comments are self-explanatory
  • commit message explains why the change was made
  • new feature or bug fix: updated release notes

@Ericson2314 Ericson2314 requested a review from roberth February 2, 2023 19:15
@Ericson2314
Move trustedUsers and allowedUsers to separate config struct
a47e055 
These settings are not needed for libstore at all, they are just used by
the nix daemon *command* for authorization on unix domain sockets. My
moving them to a new configuration struct just in that file, we avoid
them leaking anywhere else.

Also, it is good to break up the mammoth `Settings` struct in general.
Issue NixOS#5638 tracks this.

The message is not changed because I do not want to regress in
convenience to the user. Just saying "this connection is not trusted"
doesn't tell them out to fix the issue. The ideal thing to do would be
to somehow parameterize `processCommand` on how the error should be
displayed, so different sorts of connections can display different
information to the user based on how authentication is performed for the
connection in question. This, however, is a good bit more work, so it is
left for the future.

This came up with me thinking about the tcp:// store (NixOS#5265). The larger
project is not TCP *per se*, but the idea that it should be possible for
something else to manage access control to services like the Nix Daemon,
and those services simply trust or trust the incoming connection as they
are told. This is a more capability-oriented way of thinking about trust
than "every server implements its own auth separately" as we are used to today.

Its very great that libstore itself already implements just this model,
and so via this refactor I basically want to "enshrine" that so it
continues to be the case.
@Ericson2314 Ericson2314 mentioned this pull request Feb 2, 2023
Draft
@edolstra edolstra merged commit dbe0748 into NixOS:master Feb 3, 2023
@Ericson2314 Ericson2314 deleted the user-settings branch February 3, 2023 11:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@edolstra edolstra Awaiting requested review from edolstra edolstra is a code owner

@thufschmitt thufschmitt Awaiting requested review from thufschmitt

@roberth roberth Awaiting requested review from roberth

Assignees
No one assigned
Labels
None yet
Projects
Nix team
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Ericson2314 @edolstra