treewide: Switch to system users #71055
Conversation
|
Nice, I planned to do this as part of NixOS/rfcs#52. This should be backwards compatible as I check recently. Currently there is a limit of 100 dynamic system users, but #65698 will increase this, so this shouldn't be a problem. |
|
@infinisil Yes, it seems like switch-to-configuration prints a warning but doesn't change UIDs of existing users. Also, as this only modifys 47 users, I doubt this PR will be the cause of UID exhaustion ;) |
|
Okay, I stand corrected. 100 is probably not enough. Looks like #65698 should be merged first |
|
Well the system uid range isn't only for nixpkgs. People could define lots of services outside of nixpkgs. And 100 services being enabled over the lifetime of a system doesn't seem far fetched. So I'd like the PR for increasing this limit be merged first. Should be quick after the RFC is accepted, which will be in less than a week. |
|
@asymmetric Unfortunately, the command is not in my shell history anymore. I was able to reproduce it, so this one is pretty similar: Idk about the PR prefix, maybe someone with more experience can help me out here |
|
So the new policy would be: Every service should use either |
|
I mentioned in the RFC that something like this should be added to the manual, haven't done that yet |
treewide: Switch to system users (cherry picked from commit dd0a47e)
treewide: Switch to system users (cherry picked from commit dd0a47e)
Could somebody with Borg permission run the tests?
Motivation for this change
It's annoying to have users (actual people) with fixed UIDs and services clashing for UIDs.
Things done
sandboxinnix.confon non-NixOS)nix-shell -p nix-review --run "nix-review wip"./result/bin/)nix path-info -Sbefore and after)Notify maintainers
cc @