[grhmc]

On Linux, users can put their Nix store in their home directory or other places and at run-time Nix remaps the directory using user namespaces. Unfortunately this isn't workable on macOS: the kernel doesn't support the features we need.

Using /nix and a separate group and daemon means the store can be read-only and be protected from modification in several ways. This is pretty helpful, as a lot of tools try very hard to write "next to" where they are installed -- corrupting the Nix store.

I sort of wonder if it would be more palatable if the Nix installer was a bit less in your face about what's going on? This would be similar to how Docker's works.

[pseudalopex]

It would be less palatable when I found out. The group is fine. Why the daemon when other package managers use sudo is unclear. Even Homebrew moved to /opt.

[lilyball]

Other package managers are okay with requiring sudo because they install stuff globally. Nix doesn't have that restriction, you can use it for local stuff, temporary shell environments, etc. So you need non-admin users to be able to use it too, and even admin users need to be able to use it without using sudo. For example, when entering a nix shell, you don't want the shell to run as root. Or when using direnv. Or just when using it as part of your build system.

Nix is a package manager, yes, but it's more than that, it's a generalized build system.

[pseudalopex]

Nix isn't the only package manager for home directories or source packages. Working in a home directory doesn't require sudo or a daemon. sudo doesn't mean run everything as root.

[soraminazuki]

You missed the crucial point:

> So you need non-admin users to be able to use it too

The build daemon and the user are used for privilege separation. The separation goes both ways. Users can't write directly to /nix/store and Nix can't write outside of /nix/store during build.

If anything, it's there to make things less invasive. It's nothing like the Docker daemon, which is a proxy for root.

Additionally, the daemon doesn't do anything unless users request that a package be built.

[pseudalopex]

Other package managers have privilege separation without daemons. I don't need non admin users to run it. And I could configure sudo to let them if I did.