Default should depend on whether we are root.

author: Ben Radford <benradf@users.noreply.github.com> 2023-07-11 11:13:39 +0100
committer: Ben Radford <benradf@users.noreply.github.com> 2023-07-11 11:14:13 +0100
commit: a193ec4052d9efa895681c438cc335296c7affea (patch)
tree: 75f856dea6142d749b1ab5d6b58b06e6ca1ed076 /src/libstore/globals.hh
parent: 2b4c59dd997c72069b6039783fea4c3b35f5cee7 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh
index dec132ff0..9a9b4903f 100644
--- a/src/libstore/globals.hh
+++ b/src/libstore/globals.hh
@@ -524,7 +524,7 @@ public:
     Setting<bool> sandboxFallback{this, true, "sandbox-fallback",
         "Whether to disable sandboxing when the kernel doesn't allow it."};
 
-    Setting<bool> requireDropSupplementaryGroups{this, true, "require-drop-supplementary-groups",
+    Setting<bool> requireDropSupplementaryGroups{this, getuid() == 0, "require-drop-supplementary-groups",
         R"(
           Following the principle of least privilege,
           Nix will attempt to drop supplementary groups when building with sandboxing.
author	Ben Radford <benradf@users.noreply.github.com>	2023-07-11 11:13:39 +0100
committer	Ben Radford <benradf@users.noreply.github.com>	2023-07-11 11:14:13 +0100
commit	a193ec4052d9efa895681c438cc335296c7affea (patch)
tree	75f856dea6142d749b1ab5d6b58b06e6ca1ed076 /src/libstore/globals.hh
parent	2b4c59dd997c72069b6039783fea4c3b35f5cee7 (diff)