Making Nix follow the principle of least privilege by removing, as much as possible, the need for it to run as root
In multi-user mode, the Nix daemon is expected to run as root. This is quite annoying from a security point of view, as the Nix codebase is (somewhat) large and not properly audited. Because of that, it is also an adoption blocker in some places. It turns out that there are very few places where Nix actually needs to be root, and we can remove or isolate these, as done in https://github.com/NixOS/nix/pull/5380.
Speakers: Théophane Hufschmitt