Ludovic Courtès schreef op di 28-09-2021 om 14:21 [+0200]:
> Hi,
> 
> Joshua Branson <jbranso@dismail.de> skribis:
> 
> > Apologies if I'm speaking for something I know very little
> > about...Wouldn't it be nice if guix home services would accept a user
> > and a group field?  For the syncthing service, perhaps the user wants to
> > limit Syncthing's runtime permissions.  So instead of running as the
> > user, the user would run synthing as a different user with less permissions?
> 
> That’s not possible unless the calling user is root, since you’d need
> the ability to switch users somehow.

On Debian, a user has a list of ‘subordinate user IDs’ which can be switched
to without root: <https://manpages.debian.org/buster/uidmap/newuidmap.1.en.html>.

Maybe "guix home" could use that mechanism, and this mechanism could be implemented
on Guix System as well?

Greetings,
Maxime