diff --git a/scripts/Makefile.am b/scripts/Makefile.am
index a5703760d1..18a59dbdb6 100644
--- a/scripts/Makefile.am
+++ b/scripts/Makefile.am
@@ -11,7 +11,7 @@ nix-pull nix-push: download-using-manifests.pl
 
 install-exec-local: download-using-manifests.pl copy-from-other-stores.pl find-runtime-roots.pl
 	$(INSTALL) -d $(DESTDIR)$(sysconfdir)/profile.d
-	$(INSTALL_PROGRAM) nix-profile.sh $(DESTDIR)$(sysconfdir)/profile.d/nix.sh
+	$(INSTALL_DATA) nix-profile.sh $(DESTDIR)$(sysconfdir)/profile.d/nix.sh
 	$(INSTALL) -d $(DESTDIR)$(libexecdir)/nix
 	$(INSTALL_PROGRAM) find-runtime-roots.pl $(DESTDIR)$(libexecdir)/nix 
 	$(INSTALL_PROGRAM) build-remote.pl $(DESTDIR)$(libexecdir)/nix 
diff --git a/scripts/nix-profile.sh.in b/scripts/nix-profile.sh.in
index 8395313497..d343385cc1 100644
--- a/scripts/nix-profile.sh.in
+++ b/scripts/nix-profile.sh.in
@@ -1,11 +1,50 @@
-if test -n "$HOME"; then
-    NIX_LINK="$HOME/.nix-profile"
+export NIX_USER_PROFILE_DIR=@localstatedir@/nix/profiles/per-user/$USER
+export NIX_PROFILES="@localstatedir@/nix/profiles/default $HOME/.nix-profile"
 
-    if ! test -L "$NIX_LINK"; then
-        echo "creating $NIX_LINK" >&2
-        _NIX_DEF_LINK=@localstatedir@/nix/profiles/default
-        @coreutils@/ln -s "$_NIX_DEF_LINK" "$NIX_LINK"
-    fi
-
-    export PATH=$NIX_LINK/bin:$PATH
+# Set up the per-user profile.
+mkdir -m 0755 -p $NIX_USER_PROFILE_DIR
+if test "$(stat --printf '%u' $NIX_USER_PROFILE_DIR)" != "$(id -u)"; then
+    echo "WARNING: bad ownership on $NIX_USER_PROFILE_DIR" >&2
+fi
+
+if ! test -L $HOME/.nix-profile; then
+    echo "creating $HOME/.nix-profile" >&2
+    if test "$USER" != root; then
+        @coreutils@/ln -s $NIX_USER_PROFILE_DIR/profile $HOME/.nix-profile
+    else
+        # Root installs in the system-wide profile by default.
+        @coreutils@/ln -s /nix/var/nix/profiles/default $HOME/.nix-profile
+    fi
+fi
+
+export PATH="$HOME/.nix-profile/bin:$PATH"
+
+# Subscribe the root user to the NixOS channel by default.
+if [ "$USER" = root -a ! -e $HOME/.nix-channels ]; then
+    echo "http://nixos.org/releases/nixos/channels/nixos-unstable nixos" > $HOME/.nix-channels
+fi
+
+# Create the per-user garbage collector roots directory.
+NIX_USER_GCROOTS_DIR=@localstatedir@/nix/gcroots/per-user/$USER
+mkdir -m 0755 -p $NIX_USER_GCROOTS_DIR
+if test "$(stat --printf '%u' $NIX_USER_GCROOTS_DIR)" != "$(id -u)"; then
+    echo "WARNING: bad ownership on $NIX_USER_GCROOTS_DIR" >&2
+fi
+
+# Set up a default Nix expression from which to install stuff.
+if [ ! -e $HOME/.nix-defexpr -o -L $HOME/.nix-defexpr ]; then
+    echo "creating $HOME/.nix-defexpr" >&2
+    rm -f $HOME/.nix-defexpr
+    mkdir $HOME/.nix-defexpr
+    if [ "$USER" != root ]; then
+        @coreutils@/ln -s @localstatedir@/nix/profiles/per-user/root/channels $HOME/.nix-defexpr/channels_root
+    fi
+fi
+
+# Set up secure multi-user builds: non-root users build through the
+# Nix daemon.
+if test "$USER" != root; then
+    export NIX_REMOTE=daemon
+else
+    unset NIX_REMOTE
 fi