DeterminateSystems / nix-installer

Install Nix and flakes with the fast and reliable Determinate Nix Installer, with over 7 million installs.
https://determinate.systems
GNU Lesser General Public License v2.1

Optionally allow unprivileged user installations #214

Open cosmojg opened 1 year ago

cosmojg commented 1 year ago

Title says it all. I'd cherish the ability to easily install Nix with nix-command, flakes, and installation receipts on shared machines where I don't have root privileges, particularly high-performance computing (HPC) clusters.

I believe adding the option to install Nix to a user's home directory without calling sudo is the most straightforward solution, something similar to what Portage and Homebrew do to enable unprivileged user installations.

Hoverbear commented 1 year ago

It's something I want too! I'd love a true rootless Nix.

One big issue with this is, at least on Mac, the Nix store location is fixed in binaries.

nix run nixpkgs#firefox

Will start a Firefox which depends on several dynamic libraries at /nix/store/....

On Linux we have --store which can help us get around this, so it should be quite possible! It's certainly a planner we can make in the future.

On Darwin (macOS) it's a different story, since they don't support the --store command.

If you're used to the single-user install scripts in the Nix repo, those are great, but what they do is make the installing user an owner of the /nix path, and doing that does require root.

kadaan commented 8 months ago

IMO the benefits of rootless install on macOS, even if the /nix store is owned by the installing user, are huge in certain circles. In my use case, allowing nix to run as root was a non-starter. I modified the installer to set up nix on macOS without needing root access after the install. For me, it has been working great and is the only way that I would be able to get any adoption. I would love it if the installer would support rootless install on macOS even with its caveats. See: https://github.com/kadaan/nix-installer/tree/macos_single_user_mode

jcrben commented 1 week ago

Another aspect on Linux: you can use chroot (and proot?) or bubblewrap to mount /nix in a namespace as mentioned in https://zameermanji.com/blog/2023/3/26/using-nix-without-root/

An LLM suggested a command like this using unshare from util-linux:

unshare --user --mount --map-root-user --propagation private \
  sh -c 'mount --bind ~/.local/share/nix/root /nix && exec bash'
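
Added example, not part of the thread and not nix-installer code: a preflight check for the unshare and bind-mount approach in the last comment. It reads the kernel settings that administrators of shared machines commonly use to restrict unprivileged user namespaces and confirms that the bind-mount target and source exist. The function names and the ROOT parameter are hypothetical; the store path is the one used in the command above.

```shell
#!/bin/sh
# Added example (not from the thread): preflight for the unshare + bind-mount
# approach. ROOT is "/" on a real host; a constructed tree is used for testing.

read_knob() {   # print a sysctl file's value; print nothing if it is absent
    if [ -r "$1" ]; then cat "$1"; fi
}

# userns_preflight ROOT STORE_DIR  (hypothetical helper)
# Prints one line per blocker and returns 0 only when none was found.
userns_preflight() {
    root=${1%/}; store=$2; rc=0

    # Debian/Ubuntu kernels: 0 turns unprivileged user namespaces off.
    if [ "$(read_knob "$root/proc/sys/kernel/unprivileged_userns_clone")" = 0 ]; then
        echo "blocked: kernel.unprivileged_userns_clone=0"; rc=1
    fi
    # Mainline limit: 0 means no user namespace can be created at all.
    if [ "$(read_knob "$root/proc/sys/user/max_user_namespaces")" = 0 ]; then
        echo "blocked: user.max_user_namespaces=0"; rc=1
    fi
    # Ubuntu AppArmor policy: 1 strips capabilities inside the namespace,
    # so the mount call is expected to be denied.
    if [ "$(read_knob "$root/proc/sys/kernel/apparmor_restrict_unprivileged_userns")" = 1 ]; then
        echo "blocked: kernel.apparmor_restrict_unprivileged_userns=1"; rc=1
    fi
    # mount --bind needs an existing target; creating /nix normally needs root.
    if [ ! -d "$root/nix" ]; then
        echo "blocked: $root/nix does not exist as a mount point"; rc=1
    fi
    # The bind source must exist and be writable by the invoking user.
    if [ ! -d "$store" ] || [ ! -w "$store" ]; then
        echo "blocked: store directory $store missing or not writable"; rc=1
    fi
    return "$rc"
}

# Run against the live system only when asked to.
if [ "${1:-}" = "--run" ]; then
    userns_preflight / "$HOME/.local/share/nix/root"
fi
```

A missing /nix directory is the blocker that no sysctl change fixes, which is why the approaches in the linked post build a private root with chroot or bubblewrap.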