(name . bug-guix@gnu.org)(address . bug-guix@gnu.org)
The /var/guix/daemon-socket/socket is by default set to be owned by root:root with chmod 0666 that allows **ALL** users on the system to interact with guix daemon to write in the store directory.
Proposing to define a group (or use guixbuild group?) to by default deny access to the socket to all users without the group as i see this being a security issue waiting to happen.
-- Jacob "Kreyren" Hrbek
Sent with ProtonMail Secure Email.