The /var/guix/daemon-socket/socket is by default set to be owned by root:root with chmod 0666 that allows **ALL** users on the system to interact with guix daemon to write in the store directory.

Proposing to define a group (or use guixbuild group?) to by default deny access to the socket to all users without the group as i see this being a security issue waiting to happen.

-- Jacob "Kreyren" Hrbek

Sent with ProtonMail Secure Email.