NixOS installer: less privileged nixos user

I’m installing NixOS 19.09, and after putting the minimal ISO on a USB and booting from it, I was prepared to set up my partitions. Referencing my notes from previous installs, I ran fdisk -l to list the current partitions, but got a bunch of “Permission denied” errors.

I see in the 19.09 release notes:

The installer now uses a less privileged nixos user whereas before we logged in as root. To gain root privileges use sudo -i without a password.

I could just run sudo -i and continue how I have in the past, but is this change an indication that there’s a different approach that’s preferred?

Was the intent to encourage users to prepend sudo to the commands that need it, rather than logging in as root?

Or perhaps there’s a different use-case that motivated this change?

I think what it does is follow the best practice of never logging in with root.
I don’t know the exact reason but it’s quite reasonable, as you should have to use sudo after the installation, too.
It also adds a security layer if somebody e.g. browses the web, connects to IRC, etc. with the live boot - which might be a risk.
Especially if an old ISO with outdated software is used…

This is probably the real reason. People use live ISOs to troubleshoot their existing systems all the time, which can involve running all sorts of internet connected programs like a browser. So it’s much safer to have a permissions barrier between firefox/etc. and your real system’s data.
