Maxime Devos <maximede...@telenet.be> writes:

> Ludovic Courtès wrote on Tue 28-09-2021 at 14:21 [+0200]:
>> Hi,
>>
>> Joshua Branson <jbra...@dismail.de> writes:
>>
>> > Apologies if I'm speaking for something I know very little
>> > about... Wouldn't it be nice if guix home services would accept a user
>> > and a group field? For the syncthing service, perhaps the user wants to
>> > limit Syncthing's runtime permissions. So instead of running as the
>> > user, the user would run Syncthing as a different user with less
>> > permissions?
>>
>> That’s not possible unless the calling user is root, since you’d need
>> the ability to switch users somehow.
>
> On Debian, a user has a list of ‘subordinate user IDs’ which can be switched
> to without root:
> <https://manpages.debian.org/buster/uidmap/newuidmap.1.en.html>.
>
> Maybe "guix home" could use that mechanism, and this mechanism could be
> implemented on Guix System as well?

Yes but that requires unprivileged user namespaces, which may or may not
be supported—e.g., likely unsupported when using Home on a foreign
distro.

Ludo’.
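
The preconditions discussed in this thread (unprivileged user namespaces, a subordinate UID range, and the `newuidmap` helper) can be checked on a given host before relying on them; the script below is an added example, not code from the thread or from Guix. The function names and the optional path arguments are assumptions made for illustration, and the check does not cover further restrictions such as LSM policy.

```shell
#!/bin/sh
# Added example: preconditions for switching to a subordinate UID without root.
# The path arguments exist only so the checks can run against constructed files.

# Print "START COUNT" for USER's first non-empty range in a subuid(5) file
# (one "name:start:count" entry per line).
subuid_range() {
    awk -F: -v u="$1" '
        $1 == u && $3 > 0 { print $2, $3; found = 1; exit }
        END { exit !found }' "${2:-/etc/subuid}" 2>/dev/null
}

# Succeed if the kernel lets unprivileged processes create user namespaces.
userns_allowed() {
    root=${1:-/proc/sys}
    max=$root/user/max_user_namespaces
    clone=$root/kernel/unprivileged_userns_clone   # distro-patched kernels only
    # Assumption: a missing max_user_namespaces file is treated as "unsupported".
    [ -r "$max" ] && [ "$(cat "$max")" -gt 0 ] || return 1
    if [ -r "$clone" ]; then
        [ "$(cat "$clone")" = 1 ] || return 1
    fi
    return 0
}

# Print one line per precondition; return non-zero if any is missing.
# Usage: userns_report USER [SUBUID_FILE] [SYSCTL_ROOT]
userns_report() {
    user=$1
    rc=0
    if userns_allowed "${3:-/proc/sys}"; then echo "userns: allowed"
    else echo "userns: disabled or unsupported"; rc=1; fi
    if range=$(subuid_range "$user" "${2:-/etc/subuid}"); then echo "subuid: $range"
    else echo "subuid: no range for $user"; rc=1; fi
    if command -v newuidmap >/dev/null 2>&1; then echo "newuidmap: found"
    else echo "newuidmap: not installed"; rc=1; fi
    return $rc
}

# Run against the live system only when invoked as: sh script.sh check
if [ "${1:-}" = check ]; then userns_report "$(id -un)"; fi
```

A service wrapper could call `userns_report` first and fall back to running as the calling user when it returns non-zero.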