nix
nix copied to clipboard
SDDM show Nix build users (UIDs too low)
Describe the bug
SDDM tries to show the Nix build users in the login screen It seems to be so because their UUID are smaller than 60513 (they start at 30001 on my system) https://wiki.archlinux.org/title/SDDM#One_or_more_users_do_not_show_up_on_the_greeter https://systemd.io/UIDS-GIDS/
Steps To Reproduce
- Install Nix
- SDDM will not show user avatars anymore
- Add this in the sddm config file :
EnableAvatars=True
DisableAvatarsThreshold=50
- sddm will show every nix build user
Expected behavior
SDDM should not attempt to display these users as we should not login with them
nix-env --version
output
nix-env (Nix) 2.11.0
Additional context
I am using ArchLinux with KDE
Did this recently change? I can remember that when I was using nix on Debian this did not occur and I didn't change any configs.
I have no idea, I installed it recently.
I will try it on other systems
Just tried on a Fedora 37, ArchLinux, and Ubuntu 22 docker containers, and every time Nix uses UIDs starting from 30000
The UIDw themselves haven't changed since the install script started supporting multi-user five years ago (according to git blame
at least).
It looks like that number got ported from what the Darwin installer was doing, so I don't think there's a strong reason for it and it looks like it should be OK to move it to something higher if we find a range that's likely-enough to be free (@grahamc correct me if you remember anything different).
Thinking of it, I'm not really sure why the installer manages the uid by itself at all.
I can confirm the issue - installed nix yesterday.
I did some more tests, it seems like the right way to do it would be to have build users UID under 1000, rather than above whatever upper bound there is
the nix wiki already tells us to do that with the -r
argument (creates a system account, uid under 1000) : https://nixos.org/manual/nix/stable/installation/multi-user.html
UIDs under 1000 are a scarce resource, so it's not ideal to allocate lots of UIDs there. (E.g. on a 128-core machine, you may want to have 128 nixbld users...)
Ideally sddm
would skip users that have their shell set to nologin
. I think some login managers do that.
In the next Nix release, you can use auto UID allocation, which avoids the need to create nixbld user accounts.
Ideally sddm would skip users that have their shell set to nologin. I think some login managers do that.
It seems sddm only do that with system accounts
In the next Nix release, you can use auto UID allocation, which avoids the need to create nixbld user accounts.
Oh, so a fix to this issue is already coming in the next release ?
While waiting for the fix to be included in the next release, is there any workout solution in the meantime?
EDIT: I guess one solution would be to use single-user installation?
@PraxTube the next release in question happened a long time ago, but dynamic uids are still an experimental feature and not enabled by default.
What you can do, however, is tweak the SDDM configuration to exclude UIDs above 3000 with MaximumUid=2999
(assuming you don't have any user UID above that, but that's probably not the case)