nh does not try to elevate privileges when called with --bypass-root-check

[fugidev]

I have confirmed that this is a bug related to nh

• This is a bug, and not an user error or a support request. I understand that my issue will be closed if it is not a bug in NH.
• I have checked the issues tab and confirmed that my issue has not yet been reported. I understand that my issue will be closed if it is a duplicate.

Description

nh does not try to elevate privileges (i.e. call sudo when needed), when called with --bypass-root-check or if NH_BYPASS_ROOT_CHECK env variable is set. This is an issue when you have NH_BYPASS_ROOT_CHECK set globally, but also use nh as non-root user. (I know this can be easily worked around, but it is a bug – the flag's description says "Don't panic if calling nh as root", so it should not change any behaviour when not called as root.)

logs:

! Bypassing root check, now running nix as root (nh/src/nixos.rs:108)
> Building NixOS configuration
fetching git input 'git+file:///etc/nixos'
warning: Git tree '/etc/nixos' is dirty
Finished at 11:21:59 after 0s
[...]
> Apply the config? Yes
> Activating configuration
Error: switch-to-configuration must be run as the root user
Error: 
   0: Activation (test) failed
   1: Activating configuration (exit status Exited(1))

Location:
   src/commands.rs:562

Installation Method

Stable Release (nixpkgs, pkgs.nh from nixos-unstable or nixos-yy-mm)

Installation Method (Other)

I have also tried nh from nix shell github:nix-community/nh.

NH Version

4.2.0

System Information

• system: "x86_64-linux"
• host os: Linux 6.16.9, NixOS, 25.11 (Xantusia), 25.11.20251002.7df7ff7
• multi-user?: yes
• sandbox: yes
• version: nix-env (Lix, like Nix) 2.93.3 System type: x86_64-linux Additional system types: i686-linux, x86_64-v1-linux, x86_64-v2-linux, x86_64-v3-linux Features: gc, signed-caches System configuration file: /etc/nix/nix.conf User configuration files: /home/fugi/.config/nix/nix.conf:/etc/xdg/nix/nix.conf:/home/fugi/.nix-profile/etc/xdg/nix/nix.conf:/nix/profile/etc/xdg/nix/nix.conf:/home/fugi/.local/state/nix/profile/etc/xdg/nix/nix.conf:/etc/profiles/per-user/fugi/etc/xdg/nix/nix.conf:/nix/var/nix/profiles/default/etc/xdg/nix/nix.conf:/run/current-system/sw/etc/xdg/nix/nix.conf Store directory: /nix/store State directory: /nix/var/nix Data directory: /nix/store/23a2fc0ha64j2ygaq8b9gaqc5sb0whf7-lix-2.93.3/share
• nixpkgs: /nix/store/9v6qa656sq3xc58vkxslqy646p0ajj61-source

[viperML]

--bypass-root-check bypasses the check for calling nh as the root user. It is meant to be used for calling nh as root. Perhaps the wording on the warning log is not the best.

[fugidev]

I get that it is meant for that. But why not make it a no-op otherwise?

[viperML]

It is a no-op: it calls switch-to-configurarion unconditionally. Then it fails because you have to call switch-to-configuration as root.

[fugidev]

No it isn't a no-op. It makes nh call switch-to-configuration without sudo, instead of just disabling the check that prevents running nh as root directly (which is what the flag literally says it would do).

[fugidev]

I do not intend to be rude here, just to clarify what I mean: a no-op would mean that the flag changes no behaviour at all, if nh is not run as root.

[viperML]

If anything, nh should crash if you are passing the flag and euid is not root's.

[fugidev]

What is your reasoning for why it should do that?

My understanding is that a flag should do what it says. It's called "bypass root check", so I'd intuitively expect it to bypass the root check (which makes nh bail with an error if it is run as root), and nothing else.

[viperML]

The question is why do you want to use this flag at all, if you just want the behaviour without the flag.

[fugidev]

Why I want to be able do that is not really relevant to the technical argument regarding consistent, predictable UX.
(And I have already explained it in the issue above btw.)

Respectfully: I know that you were formerly maintainer and active contributor of this project, and have implemented the feature we're talking about.
So far, I don't see you engaging with any of my points, just deflecting. I don't see this going anywhere productive.
I would rather spend my time on productive, technical discussion, if I am to engage with this project further.

[phanirithvij]

I think OP is asking for when run as non-root to work like

! nh was not running as root but was asked to bypass root check flag, Ignoring it
...
normal execution

Which admittedly is better UX if for some reason a user of nh doesn't want the "root check" feature enabled at all.