I noticed on my new multi-user Nix install on macOS that fetches and store operations are performed as the root user. Builds are done by a nixbld user, as expected.
On macOS, at least, the store is g+w and the group is nixbld, so store operations should be done as a nixbld user for reasons of least privilege -- ditto for downloads.
On IRC, @grahamc confirmed that this behavior is also manifest on NixOS. Presumably this behavior is also unwanted there.
Steps to reproduce
Use nix-env to build a package that hits the cache. While this is downloading and unpacking, use ps auxww | grep nix and observe that the downloads and store operations are performed by root.
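The check from the steps to reproduce, written as a filter over `ps auxww` output; this is an added example, not part of the original issue or of Nix itself. The sample rows are constructed, and the build-user pattern (`nixbld1`, optionally with a leading underscore) is an assumption about how the build accounts are named.

```shell
#!/bin/sh
# Added example (not from the original issue): classify nix-related processes
# in `ps auxww` output by the account that owns them.

# Constructed sample of `ps auxww` output; PIDs and command lines are made up.
sample_ps() {
cat <<'EOF'
USER       PID %CPU %MEM    VSZ   RSS TTY   STAT START   TIME COMMAND
root       812  0.0  0.1  41234  5120 ?     Ss   10:01   0:00 nix-daemon --daemon
root      2290  3.1  0.4  98112 20480 ?     S    10:07   0:02 nix-daemon 2288
nixbld1   2301 12.5  1.0 120000 51200 ?     R    10:07   0:05 bash -e /nix/store/example-builder.sh
alice     2288  0.5  0.2  60000 10240 pts/0 S+   10:07   0:00 nix-env -i hello
alice     2310  0.0  0.0   9000   900 pts/0 S+   10:07   0:00 grep nix
EOF
}

# Read `ps auxww` output on stdin; print "class<TAB>pid<TAB>command" per nix process.
classify_nix_procs() {
  awk '
    NR == 1 && $1 == "USER" { next }         # skip the ps header row
    {
      cmd = $11                              # COMMAND starts at column 11
      for (i = 12; i <= NF; i++) cmd = cmd " " $i
      if (cmd !~ /nix/ || $11 == "grep") next   # unrelated rows and the grep itself
      if ($1 == "root")                  class = "root"
      else if ($1 ~ /^_?nixbld[0-9]+$/)  class = "build-user"   # assumed naming
      else                               class = "other"
      printf "%s\t%s\t%s\n", class, $2, cmd
    }'
}

# Number of nix processes owned by root, the observation the report describes.
count_root_nix_procs() {
  classify_nix_procs | awk -F '\t' '$1 == "root" { n++ } END { print n + 0 }'
}

sample_ps | classify_nix_procs
echo "root-owned nix processes: $(sample_ps | count_root_nix_procs)"
```

On a live system, pipe `ps auxww` into `classify_nix_procs` while a cached package is downloading and unpacking.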