docker-nixpkgs
How to run nixpkgs/nix not as root
It's critical for the cases where some directories are mounted, and I definitely don't want to root them. Previously I was able to run dockerized nix-shell with mounted directories as a non-root user this way:
https://github.com/coingaming/src/blob/dab692ec0171d4c789bc60c5bbf4ede6b7e43516/btc-lsp/nix/hm-shell-docker.sh#L40-L56
With nixpkgs/nix this is not working because adduser is not in scope.
Could you not use nix-shell to get adduser?
It would be possible if adduser were present in nixpkgs, but at the moment I could not find anything similar
https://search.nixos.org/packages?channel=21.11&from=0&size=50&sort=relevance&type=packages&query=adduser
The useradd command is part of the shadow package. I don't know if you can arrange the script with it
+1 on this.
What about pkgs.fakeNss or pkgs.shadowSetup? There are some non-root setups in the examples but it's unclear to me what the best approach would be.
I have an image that can be used as non-root. However it needs the sandbox to be disabled. Code is here: https://github.com/fpletz/docker-nixpkgs/blob/master/images/nix-user/default.nix
Pre-built images available if you want to test: https://github.com/fpletz/docker-nixpkgs/pkgs/container/docker-nixpkgs%2Fnix-user
@fpletz Thanks for the heads up :blush: At least for throwaway CI images it's probably fine to disable nix sandboxing since the entire image already acts as a sandbox. I believe some (toolchain-related) things didn't work without the nix sandbox, but I'll try again. Maybe I'm remembering incorrectly and that was another issue.