GNU bug report logs - #75810
[PATCH 0/6] Rootless guix-daemon
Reported by: Ludovic Courtès <ludo <at> gnu.org>
Date: Fri, 24 Jan 2025 17:24:02 UTC
Severity: normal
Tags: patch
Done: Ludovic Courtès <ludo <at> gnu.org>
Bug is archived. No further changes may be made.
Message #146 received at 75810 <at> debbugs.gnu.org (full text, mbox):
Hi,

Simon Tournier <zimon.toutoune <at> gmail.com> wrote:

> Quoting Janneke [1]:
>
>     I'm kind of afraid that having a writable /gnu/store, even if it's just
>     on foreign distributions,

This problem is fixed in v3: the store will be remounted readonly as is
currently the case.

> Could you clarify the status about the store when running guix-daemon as
> root on foreign distros? Or maybe now, will guix-daemon always run as a
> regular user on foreign distros?

As currently written, guix-daemon will always run as non-root on foreign
distros (on systemd-based distros specifically.)

> From a user perspective, instead of running guix-daemon as root, now
> guix-daemon will run as the regular user named ‘guix-daemon’ without any
> special privileges, right?

Correct.

> Users still need root privileges once at guix-install.sh time but not
> more. Therefore, for updating the guix-daemon, the user guix-daemon
> needs to run “guix pull” and restart the service, right?

The upgrade procedure remains unchanged: you would run ‘guix pull’ as
root and restart the service¹ (the service itself runs as user
‘guix-daemon’).

> If yes, cool! It’ll be a booster for cluster sysadmins. :-)

Yup!

Ludo’.
¹ https://guix.gnu.org/manual/devel/en/html_node/Upgrading-Guix.html
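
A post-upgrade check for the two properties discussed in this message (a read-only /gnu/store and a non-root daemon), as an added example that is not part of the thread or of Guix itself. The function names are hypothetical; it assumes the check runs in the host's mount namespace, that the last /gnu/store entry in mountinfo is the topmost mount, and that procps `ps` is available on a live host.

```shell
#!/bin/sh
# Added example: posture checks for a host running a rootless guix-daemon.

# store_mount_opts FILE: print the per-mount options (field 6 of the
# /proc/self/mountinfo format) of the last mount whose mount point is
# /gnu/store. Assumption: the last such entry is the topmost mount.
# FILE may be "-" to read from standard input.
store_mount_opts() {
    awk '$5 == "/gnu/store" { opts = $6 } END { if (opts != "") print opts }' "$1"
}

# store_is_readonly FILE: succeed only if that mount carries "ro".
# The per-mount flag is what matters for a bind mount remounted
# read-only; the superblock options at the end of the line may say "rw".
store_is_readonly() {
    opts=$(store_mount_opts "$1")
    case ",$opts," in
        *,ro,*) return 0 ;;
        *)      return 1 ;;
    esac
}

# daemon_is_unprivileged: read effective UIDs, one per line, on stdin.
# Succeed only if at least one UID is given and none of them is 0.
daemon_is_unprivileged() {
    awk 'NF { n++; if ($1 == 0) root = 1 } END { exit (n > 0 && !root) ? 0 : 1 }'
}

# Constructed sample input: /gnu/store bind-mounted and remounted read-only.
sample_mountinfo() {
    cat <<'EOF'
25 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw
98 25 8:2 /gnu/store /gnu/store ro,relatime shared:1 - ext4 /dev/sda2 rw
EOF
}

# Demo on the constructed sample.
sample_mountinfo | store_is_readonly - && echo "constructed sample: store is read-only"

# On a live host:
#   store_is_readonly /proc/self/mountinfo && echo "store: read-only"
#   ps -o euid= -C guix-daemon | daemon_is_unprivileged && echo "daemon: non-root"
```

Numeric effective UIDs are used instead of user names because `ps` may truncate a name as long as `guix-daemon` in its default column width.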
This bug report was last modified 56 days ago.