Install Nix as root

[davidak]

How do i install Nix (single-user mode) as root on Linux?

I don't want to do a full manual install (compile it).

I tried the default way, but it fails:

[root@ipfire ~]# curl https://nixos.org/nix/install | sh
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1383  100  1383    0     0   4150      0 --:--:-- --:--:-- --:--:--  4190
unpacking Nix binary tarball for i686-linux from `https://nixos.org/releases/nix/nix-1.11.2/nix-1.11.2-i686-linux.tar.bz2'...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 64.8M  100 64.8M    0     0  1438k      0  0:00:46  0:00:46 --:--:-- 1377k
warning: installing Nix as root is not supported by this script!
performing a single-user installation of Nix...
directory /nix does not exist; creating it by running ‘mkdir -m 0755 /nix && chown root /nix’ using sudo
copying Nix to /nix/store...........................
initialising Nix database...
warning: the group ‘nixbld’ specified in ‘build-users-group’ does not exist
warning: the group ‘nixbld’ specified in ‘build-users-group’ does not exist
creating /root/.nix-profile
warning: the group ‘nixbld’ specified in ‘build-users-group’ does not exist
installing ‘nix-1.11.2’
building path(s) ‘/nix/store/mk06d1iiyscqnr9zl23bf42jb2vds1gh-user-environment’
error: the group ‘nixbld’ specified in ‘build-users-group’ does not exist
nix-binary-tarball-unpack.HoMEIazdBT/nix-1.11.2-i686-linux/install: unable to install Nix into your default profile

warning: installing Nix as root is not supported by this script!

what is missing here? can i do the last steps manually? could you support installing as root?

[mboes]

I found a fairly simple workaround:

$ echo "build-users-group =" > /etc/nix/nix.conf

before running the install script.

this suggests that the install script could be modified so that it creates this configuration file to override the defaults in case the install user is root.

[davidak]

sh: you do not have 'shasum' installed, which I need to verify the binary tarball

this must be a new dependency. i don't have it on that system :/

[mboes]

On CentOS at any rate you need to install perl-Digest-SHA.

[alexhrescale]

I understand this functionality isn't currently supported, but it would allow building of singularity containers more easily using nix. Singularity containers are manipulated only as root at build-time, then the UID maps to $USER at run-time, where the container is read-only. I'm currently using docker://nixos/nix as a base image as a workaround, but it would be nice to be able to take any other base image and install nix at build-time.

[TerrorJack]

@alexhrescale Installing single-user Nix under root is possible, you may find this build script useful, it sets up nix in a Debian image, and also properly initializes the nixbld* build users.

[alexhrescale]

the build script creates users though, which is not the same as non-root single-user install

[nh2]

$ echo "build-users-group =" > /etc/nix/nix.conf

Is there anything against making @mboes's suggestion part of the installer script?

It seems to work quite well for me.

[LnL7]

Does that work? A root installation without build users has serious security implications.

[thedavidmeister]

this would be helpful to allow us to test the behaviour of nix-shell on ubuntu/debian/etc. environments on CI (e.g. circle CI uses root user)

[nixos-discourse]

This issue has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/installing-from-another-linux-distribution-as-root/10657/9

[stale[bot]]

I marked this as stale due to inactivity. → More info

[InLaw]

this build script useful

for FROM ubuntu:20.10 it results in mv: cannot stat '/tmp/nix.conf': No such file or directory

---

How should the file / content get into /tmp/nix.conf?

[stale[bot]]

I marked this as stale due to inactivity. → More info

[gvolpe]

Nearly in 2023... What's the recommendation for installing Nix on self-hosted runners such as amazon-linux runners on Github Enterprise where the only user is root?

[bjornfor]

@gvolpe: I thought https://github.com/nixos/nix/pull/6882 fixed that? Or do you require single-user install, not multi-user/daemon?

Related: AFAICT, Nix 2.12 has support for allocating temporary build users at runtime (release announcement).

[gvolpe]

@bjornfor not out of the box at least. After it finishes the multi-user installation as root, the next command is unable to find nix.

 /_work/_temp/1e31ddbb-3e92-4a7c-b3f8-0604adc37fdb.sh: line 1: nix: command not found

I tried running nix-daemon right after the installation script, but it doesn't work (again, command not found). Running on Github Enterprise runners, now on Ubuntu, previously on Amazon Linux.

Either way, a multi-user installation for a CI build seems to be overkiller...

[gvolpe]

Related: AFAICT, Nix 2.12 has support for allocating temporary build users at runtime (release announcement).

I missed this part, seems exciting! The example points to a link that doesn't resolve, though, I wonder how I can use it.

[bjornfor]

The example points to a link that doesn't resolve, though, I wonder how I can use it.

Yes, I noticed too. :cry:

[GeorgeLyon]

Any updates on this? I'm trying to run nix in a Docker container where creating the non-root user for nix is causing issues for me (basically, I need a single user that is both root and can run nix). I feel like the last few comments were referring to this feature: https://nixos.org/manual/nix/stable/command-ref/conf-file.html#conf-auto-allocate-uids though I'm not sure how to use it to enable my use case.