Nix Security Models: Single-User vs. Multi-User

doc/manual/source/installation/nix-security.md

320e293b27a3a9a7d4195a51e26f75db2460431305cf509500000003000002d9

# Security

Nix has two basic security models. First, it can be used in “single-user
mode”, which is similar to what most other package management tools do:
there is a single user (typically root) who performs all package
management operations. All other users can then use the installed
packages, but they cannot perform package management operations
themselves.

Alternatively, you can configure Nix in “multi-user mode”. In this
model, all users can perform package management operations — for
instance, every user can install software without requiring root
privileges. Nix ensures that this is secure. For instance, it’s not
possible for one user to overwrite a package used by another user with a
Trojan horse.

Chunks

3eaa4c53 (1st chunk of `doc/manual/source/installation/nix-security.md`)

Title: Nix Security Models: Single-User vs. Multi-User

Summary

Nix offers two primary security models for package management. In 'single-user mode,' a single user (typically root) manages all package operations, while other users can only utilize installed software. Conversely, 'multi-user mode' allows all users to perform package management operations, such as installing software, without needing root privileges, with Nix providing security guarantees to prevent issues like one user overwriting another's packages.