Nix claims “non-privileged users can securely install software.” However, a user could fill up the nix store. Has anybody thought about how this can be mitigated? Quotas seem complicated, because the closure size of a user quota isn’t really relevant without knowing the overlap with other closures.
Two ideas come to my mind:
- Measure the relative closure size compared to the other users and use relative quotas or something like that. Probably complicated to invent a meaningful measure and to implement?
- Use classical quotas and user specific nix stores via chroot. But then, there is plenty of wasted space (without deduplication).
Has anybody used real multi-user NixOS?
Has anyone thought about this problem? Or is there even a canonical answer to it (due to Mark Shuttleworth or the pope – decide yourself)?