SDDM show Nix build users (UIDs too low)

Open iTrooz opened this issue 1 year ago • 4 comments

Describe the bug

SDDM tries to show the Nix build users in the login screen. It seems to be so because their UUID are smaller than 60513 (they start at 30001 on my system).

https://wiki.archlinux.org/title/SDDM#One_or_more_users_do_not_show_up_on_the_greeter
https://systemd.io/UIDS-GIDS/

Steps To Reproduce

  • Install Nix
  • SDDM will not show user avatars anymore
  • Add this in the sddm config file:
        EnableAvatars=True
        DisableAvatarsThreshold=50
  • sddm will show every nix build user

Expected behavior

SDDM should not attempt to display these users, as we should not log in with them.

nix-env --version output

nix-env (Nix) 2.11.0

Additional context

I am using ArchLinux with KDE

iTrooz avatar Sep 20 '22 08:09 iTrooz

Did this recently change? I can remember that when I was using nix on Debian this did not occur and I didn't change any configs.

SuperSandro2000 avatar Sep 20 '22 09:09 SuperSandro2000

I have no idea, I installed it recently.

I will try it on other systems

iTrooz avatar Sep 20 '22 15:09 iTrooz

Just tried on Fedora 37, ArchLinux, and Ubuntu 22 docker containers, and every time Nix uses UIDs starting from 30000.

iTrooz avatar Sep 20 '22 18:09 iTrooz

The UIDs themselves haven't changed since the install script started supporting multi-user five years ago (according to git blame at least). It looks like that number got ported from what the Darwin installer was doing, so I don't think there's a strong reason for it and it looks like it should be OK to move it to something higher if we find a range that's likely-enough to be free (@grahamc correct me if you remember anything different).

Thinking of it, I'm not really sure why the installer manages the uid by itself at all.

thufschmitt avatar Sep 21 '22 08:09 thufschmitt

I can confirm the issue - installed nix yesterday.

tcoopman avatar Dec 05 '22 08:12 tcoopman

I did some more tests; it seems like the right way to do it would be to have build users' UIDs under 1000, rather than above whatever upper bound there is.

The nix wiki already tells us to do that with the -r argument (creates a system account, uid under 1000): https://nixos.org/manual/nix/stable/installation/multi-user.html

iTrooz avatar Dec 05 '22 10:12 iTrooz

UIDs under 1000 are a scarce resource, so it's not ideal to allocate lots of UIDs there. (E.g. on a 128-core machine, you may want to have 128 nixbld users...)

Ideally sddm would skip users that have their shell set to nologin. I think some login managers do that.

In the next Nix release, you can use auto UID allocation, which avoids the need to create nixbld user accounts.

edolstra avatar Dec 05 '22 16:12 edolstra

> Ideally sddm would skip users that have their shell set to nologin. I think some login managers do that.

It seems sddm only does that with system accounts.

> In the next Nix release, you can use auto UID allocation, which avoids the need to create nixbld user accounts.

Oh, so a fix to this issue is already coming in the next release?

iTrooz avatar Dec 05 '22 16:12 iTrooz

While waiting for the fix to be included in the next release, is there any workaround in the meantime?

EDIT: I guess one solution would be to use single-user installation?

PraxTube avatar Feb 10 '24 07:02 PraxTube

@PraxTube the next release in question happened a long time ago, but dynamic uids are still an experimental feature and not enabled by default.

What you can do, however, is tweak the SDDM configuration to exclude UIDs above 3000 with MaximumUid=2999 (assuming you don't have any user UID above that, but that's probably not the case)

thufschmitt avatar Feb 12 '24 12:02 thufschmitt
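
The UID-range behaviour discussed in this thread, as an added example that is not part of the original issue and is not SDDM or Nix code: it models the greeter's user list as a plain `MinimumUid <= uid <= MaximumUid` check over passwd entries, so the effect of `MaximumUid=2999` and of the suggested nologin-shell filter can be compared. Assumptions: the passwd lines are constructed samples, the lower bound of 1000 and the inclusive upper bound of 60513 are simplifications, and `skip_nologin` is the policy proposed in the comments, not a claim about what SDDM does.

```python
# Added example: a simplified model of a greeter's user list, not SDDM's code.

# Constructed sample passwd entries (name:pw:uid:gid:gecos:home:shell).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
sddm:x:964:964:SDDM Greeter Account:/var/lib/sddm:/usr/bin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
nixbld1:x:30001:30000:Nix build user 1:/var/empty:/sbin/nologin
nixbld2:x:30002:30000:Nix build user 2:/var/empty:/sbin/nologin
nobody:x:65534:65534:Nobody:/:/usr/bin/nologin
"""

# Shells treated as "cannot log in" (assumed list for this example).
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin",
                  "/usr/bin/nologin", "/bin/false"}


def parse_passwd(text):
    """Yield (name, uid, shell) for each well-formed passwd line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # skip malformed entries rather than guessing
        yield fields[0], int(fields[2]), fields[6]


def listed_users(passwd_text, minimum_uid=1000, maximum_uid=60513,
                 skip_nologin=False):
    """Return account names a UID-range-only greeter would display."""
    return [name for name, uid, shell in parse_passwd(passwd_text)
            if minimum_uid <= uid <= maximum_uid
            and not (skip_nologin and shell in NOLOGIN_SHELLS)]


def report(passwd_text=SAMPLE_PASSWD):
    """Compare the default range, the MaximumUid workaround, and shell filtering."""
    return {
        "default range": listed_users(passwd_text),
        "MaximumUid=2999": listed_users(passwd_text, maximum_uid=2999),
        "nologin skipped": listed_users(passwd_text, skip_nologin=True),
    }


if __name__ == "__main__":
    for label, names in report().items():
        print(f"{label}: {names}")
```

To audit a real host, pass the contents of `/etc/passwd` (or `getent passwd` output) to `listed_users` with the bounds from your own display manager configuration.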