Nix Security Models: Single-User vs. Multi-User

doc/manual/source/installation/nix-security.md

320e293b27a3a9a7d4195a51e26f75db2460431305cf509500000003000002d9

# Security

Nix has two basic security models. First, it can be used in “single-user
mode”, which is similar to what most other package management tools do:
there is a single user (typically root) who performs all package
management operations. All other users can then use the installed
packages, but they cannot perform package management operations
themselves.

Alternatively, you can configure Nix in “multi-user mode”. In this
model, all users can perform package management operations — for
instance, every user can install software without requiring root
privileges. Nix ensures that this is secure. For instance, it’s not
possible for one user to overwrite a package used by another user with a
Trojan horse.

Chunks

baa8a522 (1st chunk of `doc/manual/source/installation/nix-security.md`)

Title: Nix Security Models: Single-User vs. Multi-User

Summary

Nix offers two security models: single-user, where only one user (typically root) manages packages, and multi-user, where all users can manage packages securely without requiring root privileges. Multi-user mode prevents users from compromising each other's packages.