forked from lix-project/lix
Merge pull request #6882 from DeterminateSystems/allow-multi-user-as-root
Allow installing multi-user as root on macOS and Linux
This commit is contained in:
commit
af4e8b00fb
|
@ -13,7 +13,7 @@ for your platform:
|
||||||
- multi-user on macOS
|
- multi-user on macOS
|
||||||
|
|
||||||
> **Notes on read-only filesystem root in macOS 10.15 Catalina +**
|
> **Notes on read-only filesystem root in macOS 10.15 Catalina +**
|
||||||
>
|
>
|
||||||
> - It took some time to support this cleanly. You may see posts,
|
> - It took some time to support this cleanly. You may see posts,
|
||||||
> examples, and tutorials using obsolete workarounds.
|
> examples, and tutorials using obsolete workarounds.
|
||||||
> - Supporting it cleanly made macOS installs too complex to qualify
|
> - Supporting it cleanly made macOS installs too complex to qualify
|
||||||
|
@ -31,8 +31,8 @@ $ sh <(curl -L https://nixos.org/nix/install) --no-daemon
|
||||||
```
|
```
|
||||||
|
|
||||||
This will perform a single-user installation of Nix, meaning that `/nix`
|
This will perform a single-user installation of Nix, meaning that `/nix`
|
||||||
is owned by the invoking user. You should run this under your usual user
|
is owned by the invoking user. You can run this under your usual user
|
||||||
account, *not* as root. The script will invoke `sudo` to create `/nix`
|
account or root. The script will invoke `sudo` to create `/nix`
|
||||||
if it doesn’t already exist. If you don’t have `sudo`, you should
|
if it doesn’t already exist. If you don’t have `sudo`, you should
|
||||||
manually create `/nix` first as root, e.g.:
|
manually create `/nix` first as root, e.g.:
|
||||||
|
|
||||||
|
@ -71,11 +71,11 @@ $ sh <(curl -L https://nixos.org/nix/install) --daemon
|
||||||
|
|
||||||
The multi-user installation of Nix will create build users between the
|
The multi-user installation of Nix will create build users between the
|
||||||
user IDs 30001 and 30032, and a group with the group ID 30000. You
|
user IDs 30001 and 30032, and a group with the group ID 30000. You
|
||||||
should run this under your usual user account, *not* as root. The script
|
can run this under your usual user account or root. The script
|
||||||
will invoke `sudo` as needed.
|
will invoke `sudo` as needed.
|
||||||
|
|
||||||
> **Note**
|
> **Note**
|
||||||
>
|
>
|
||||||
> If you need Nix to use a different group ID or user ID set, you will
|
> If you need Nix to use a different group ID or user ID set, you will
|
||||||
> have to download the tarball manually and [edit the install
|
> have to download the tarball manually and [edit the install
|
||||||
> script](#installing-from-a-binary-tarball).
|
> script](#installing-from-a-binary-tarball).
|
||||||
|
@ -168,7 +168,7 @@ and `/etc/zshrc` which you may remove.
|
||||||
removed next.
|
removed next.
|
||||||
|
|
||||||
7. Remove the Nix Store volume:
|
7. Remove the Nix Store volume:
|
||||||
|
|
||||||
```console
|
```console
|
||||||
sudo diskutil apfs deleteVolume /nix
|
sudo diskutil apfs deleteVolume /nix
|
||||||
```
|
```
|
||||||
|
@ -189,7 +189,7 @@ and `/etc/zshrc` which you may remove.
|
||||||
identifier.
|
identifier.
|
||||||
|
|
||||||
> **Note**
|
> **Note**
|
||||||
>
|
>
|
||||||
> After you complete the steps here, you will still have an empty `/nix`
|
> After you complete the steps here, you will still have an empty `/nix`
|
||||||
> directory. This is an expected sign of a successful uninstall. The empty
|
> directory. This is an expected sign of a successful uninstall. The empty
|
||||||
> `/nix` directory will disappear the next time you reboot.
|
> `/nix` directory will disappear the next time you reboot.
|
||||||
|
|
|
@ -59,6 +59,30 @@ headless() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
is_root() {
|
||||||
|
if [ "$EUID" -eq 0 ]; then
|
||||||
|
return 0
|
||||||
|
else
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
is_os_linux() {
|
||||||
|
if [ "$(uname -s)" = "Linux" ]; then
|
||||||
|
return 0
|
||||||
|
else
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
is_os_darwin() {
|
||||||
|
if [ "$(uname -s)" = "Darwin" ]; then
|
||||||
|
return 0
|
||||||
|
else
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
contact_us() {
|
contact_us() {
|
||||||
echo "You can open an issue at https://github.com/nixos/nix/issues"
|
echo "You can open an issue at https://github.com/nixos/nix/issues"
|
||||||
echo ""
|
echo ""
|
||||||
|
@ -313,10 +337,15 @@ __sudo() {
|
||||||
_sudo() {
|
_sudo() {
|
||||||
local expl="$1"
|
local expl="$1"
|
||||||
shift
|
shift
|
||||||
if ! headless; then
|
if ! headless || is_root; then
|
||||||
__sudo "$expl" "$*" >&2
|
__sudo "$expl" "$*" >&2
|
||||||
fi
|
fi
|
||||||
sudo "$@"
|
|
||||||
|
if is_root; then
|
||||||
|
env "$@"
|
||||||
|
else
|
||||||
|
sudo "$@"
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -423,7 +452,7 @@ EOF
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
if [ "$(uname -s)" = "Linux" ] && [ ! -e /run/systemd/system ]; then
|
if is_os_linux && [ ! -e /run/systemd/system ]; then
|
||||||
warning <<EOF
|
warning <<EOF
|
||||||
We did not detect systemd on your system. With a multi-user install
|
We did not detect systemd on your system. With a multi-user install
|
||||||
without systemd you will have to manually configure your init system to
|
without systemd you will have to manually configure your init system to
|
||||||
|
@ -865,24 +894,14 @@ EOF
|
||||||
install -m 0664 "$SCRATCH/nix.conf" /etc/nix/nix.conf
|
install -m 0664 "$SCRATCH/nix.conf" /etc/nix/nix.conf
|
||||||
}
|
}
|
||||||
|
|
||||||
main() {
|
|
||||||
# TODO: I've moved this out of validate_starting_assumptions so we
|
|
||||||
# can fail faster in this case. Sourcing install-darwin... now runs
|
|
||||||
# `touch /` to detect Read-only root, but it could update times on
|
|
||||||
# pre-Catalina macOS if run as root user.
|
|
||||||
if [ "$EUID" -eq 0 ]; then
|
|
||||||
failure <<EOF
|
|
||||||
Please do not run this script with root privileges. I will call sudo
|
|
||||||
when I need to.
|
|
||||||
EOF
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
main() {
|
||||||
check_selinux
|
check_selinux
|
||||||
|
|
||||||
if [ "$(uname -s)" = "Darwin" ]; then
|
if is_os_darwin; then
|
||||||
# shellcheck source=./install-darwin-multi-user.sh
|
# shellcheck source=./install-darwin-multi-user.sh
|
||||||
. "$EXTRACTED_NIX_PATH/install-darwin-multi-user.sh"
|
. "$EXTRACTED_NIX_PATH/install-darwin-multi-user.sh"
|
||||||
elif [ "$(uname -s)" = "Linux" ]; then
|
elif is_os_linux; then
|
||||||
# shellcheck source=./install-systemd-multi-user.sh
|
# shellcheck source=./install-systemd-multi-user.sh
|
||||||
. "$EXTRACTED_NIX_PATH/install-systemd-multi-user.sh" # most of this works on non-systemd distros also
|
. "$EXTRACTED_NIX_PATH/install-systemd-multi-user.sh" # most of this works on non-systemd distros also
|
||||||
else
|
else
|
||||||
|
@ -890,7 +909,10 @@ EOF
|
||||||
fi
|
fi
|
||||||
|
|
||||||
welcome_to_nix
|
welcome_to_nix
|
||||||
chat_about_sudo
|
|
||||||
|
if ! is_root; then
|
||||||
|
chat_about_sudo
|
||||||
|
fi
|
||||||
|
|
||||||
cure_artifacts
|
cure_artifacts
|
||||||
# TODO: there's a tension between cure and validate. I moved the
|
# TODO: there's a tension between cure and validate. I moved the
|
||||||
|
|
Loading…
Reference in a new issue