(Brief context: I recently logged in to another distro and found that my systemd needed authentication using a username not present in my culture; it turned out there was a new user created by someone, most likely some old mirror getting hacked.)
Are there any reading materials on how NixOS’s “readonly” filesystem works? I’m not a total noob, having used Linux for almost 6 years full time, but for me last year NixOS was the first time seeing a “read-only” file system. My goal with this exercise is to learn whether NixOS grants any additional security to me or whether the read-only thing is superficial and easily bypassed.
I am pretty new to NixOS, so maybe somebody will yell at me, but: yes, it’s superficial and easily bypassed.
Somebody will probably tell you that, due to its declarative nature, it’s easier to create a new installation from scratch to fix your problem with NixOS. This is technically true, but there are usually manual steps involved, especially on non-server machines, so in the end you are still doing a re-install.
Thank you, so I tried to find out some more and it looks like `sudo mount /nix/store -o remount,rw` can just remount the store as read-write and do whatever “bad” things they want to do…
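
A check for the state that remount leaves behind, as an added example that is not part of the thread: the function reads mountinfo-format input and reports whether the topmost mount at /nix/store carries the per-mount `ro` flag. The function names and the sample mount lines are constructed for illustration and assume the store is a read-only bind mount on a writable filesystem.

```shell
#!/bin/sh
# store_mount_state FILE prints "ro", "rw" or "absent" for /nix/store.
# FILE is mountinfo-format text (default /proc/self/mountinfo, "-" for stdin).
store_mount_state() {
    # mountinfo field 5 is the mount point, field 6 the per-mount options.
    # The superblock options after the " - " separator may say "rw" even for
    # a read-only bind mount, so only field 6 is examined. Later lines are
    # stacked on top of earlier ones, so the last matching line decides.
    awk '
        $5 == "/nix/store" {
            state = "rw"
            n = split($6, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "ro") state = "ro"
        }
        END { print (state == "" ? "absent" : state) }
    ' "${1:-/proc/self/mountinfo}"
}

# Constructed sample: store mounted as a read-only bind mount.
sample_default() {
    cat <<'EOF'
25 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
28 25 8:1 /nix/store /nix/store ro,relatime shared:2 - ext4 /dev/sda1 rw
EOF
}

# Constructed sample: the same mount after "mount /nix/store -o remount,rw".
sample_remounted() {
    cat <<'EOF'
25 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
28 25 8:1 /nix/store /nix/store rw,relatime shared:2 - ext4 /dev/sda1 rw
EOF
}

echo "default:   $(sample_default | store_mount_state -)"
echo "remounted: $(sample_remounted | store_mount_state -)"
```

The mount flag only shows the current state, so a store that was remounted read-write and then back to read-only reports `ro` again. `nix-store --verify --check-contents` re-hashes store paths against the Nix database and is the check for contents that changed in between.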