Why does multi-user Nix need multiple build users?

I was reading here: Multi-User Mode

I understand that the build user can’t be a regular system user, but I can’t seem to figure out why this is true: “There can never be more concurrent builds than the number of build users”

Mostly just curious, but is this because there is a way for builds under a certain user to impact other builds running under that same user?

This is discussed in Guix as well: Build Environment Setup (GNU Guix Reference Manual)

Having several such users allows the daemon to launch distinct build processes under separate UIDs, which guarantees that they do not interfere with each other—an essential feature since builds are regarded as pure functions

Oh, is this just because a single user can view the processes it is running and could introspect into the processes running within another build? Kill those processes or read their state?

Maybe that’s just it? Curious if there’s more.
