Managing users with sysusers.d

I was reading this article on Phoronix about Fedora 32 switching to sysusers.d, and I was wondering how NixOS handles users currently. The declarative way and idempotent implementation of sysusers.d sounded a lot like some of the guaranties we have in NixOS currently when we put users on immutability.

After making some research, I found out that it’s mainly a perl script that handles this logic on NixOS side.

I was wondering if sysusers.d could achieve the same result as the perl script ? I have the feeling that it could work, but I’m not sure since I do not deeply understand NixOS yet :slight_smile:.

PS : This question sprung out of curiosity as a way to understand more deeply how works NixOS, it is not a suggestion in any kind of way.

Your understanding is correct, especially about idempotency.

Now, the evil resides in details. From what I could see, sysusers.d
creates a group of the same name as the user to be used as the
primary group. In NixOS, we use the users group as default for
all the users.

  I guess there may be other subtle discrepancies like that, that

would make any migration a breaking change.

Maybe investigating this could/should be added under ?

Sysusers.d and our Perl script indeed serve the same purpose. The one just predates the other. If it already existed we would’ve probably used sysusers.d I think.

Given that the perl script is relatively complete I see no reason to actively replace it. One good reason could be if we ever decide to get rid of perl as a NixOS dependency to reduce closure size.

Getting rid of perl is a good goal I think. Plus, I forget which, but one of the few remaining perl scripts in NixOS is the biggest reason NixOS can’t be cross compiled without patches.


This RFC might also be of interest to OP: