[Nix-dev] How can a normal user use nix?
Eelco Dolstra
eelco at cs.uu.nl
Fri Mar 3 13:35:15 CET 2006
Hi,
Clemens Tolboom wrote:
> Is it possible for a normal user to subscribe to nix packages?
>
> What i want is that user clemens is unable to expand the content
> of /nix/store but must be able to use content already available.
>
> Using /nix/etc/profile.d/nix.sh gives me only the default profile?
>
> But what about having diffent users/services in need for different
> profiles?
>
> Do i miss something or is it possible?
This is currently possible by installing the Nix binaries as setuid, see
http://nix.cs.uu.nl/dist/nix/nix-0.10pre4960/manual/#id2459080
In fact this is what we use in our student lab for several courses.
However, it's not secure: the users who are in the Nix group have to
trust each other.
The eventual goal is to allow untrusted users to share a Nix store in
such a way that anybody can install software. The trunk of the Nix
repository (0.10pre) contains code to securely allow anybody to install
Nix expressions from source (so without downloading pre-built binaries
from a server - there of course you have the problem that you don't know
whether the binaries correspond to the sources, and haven't been
tampered with). There is also an experimental branch
(nix/branches/secure in the repository) that also allows secure binary
installation, but it's not in a useable state yet.
By the way, on most single-user installations (like my laptop), we
typically just chown the /nix directory to the actual user, so you don't
have to be root for Nix operations.
--
Eelco Dolstra | http://www.cs.uu.nl/~eelco
More information about the nix-dev
mailing list