On Fri, Apr 06, 2018 at 10:01:57AM +0200, Ludovic Courtès wrote: > Probably, yes. It would be good to check how this affects > mingetty/login, sshd, etc. I've attached a patch that sets the variables in /etc/login.defs. The resulting PATH only includes "system" packages, which are found in /run/current-system and /run/setuid-programs. It would be better if it also included the user-specific programs in ~/.guix-profile, but I don't think this is possible without patching `su` to look up usernames. Shell variables are not expanded by `su`, so using $HOME doesn't work. And I'm not sure how to use /var/guix/profiles/per-user without making `su` look up usernames. Nevertheless, I think it's an improvement, although maybe it's less confusing for the PATH to be totally wrong than merely missing the user's packages. WDYT? With the attached patch, I tested mingetty and agetty's login, as well as OpenSSH sshd login, and everything seemed to work — this changes should have no effect in those cases because it affects non-login shells only. > Note that libc also has its own default PATH value in : > > /* Default search path. */ > #define _PATH_DEFPATH "/usr/bin:/bin" > /* All standard utilities path. */ > #define _PATH_STDPATH \ > "/usr/bin:/bin:/usr/sbin:/sbin" > > Does ‘su’ rely on this? In a future rebuild cycle we could change these > values, but /run/current-system/bin wouldn’t work on foreign distros, so > it’s not clear there’s much to gain. AFAICT, `su` doesn't use this. The relevant code is below; it hard-codes the fall-back PATHs rather than refer to libc. ------ /* * Create the PATH environmental variable and export it. */ cp = getdef_str ((info->pw_uid == 0) ? "ENV_SUPATH" : "ENV_PATH"); if (NULL == cp) { /* not specified, use a minimal default */ addenv ((info->pw_uid == 0) ? "PATH=/sbin:/bin:/usr/sbin:/usr/bin" : "PATH=/bin:/usr/bin", NULL); } else if (strchr (cp, '=')) { /* specified as name=value (PATH=...) */ addenv (cp, NULL); } else { /* only value specified without "PATH=" */ addenv ("PATH", cp); } ------ https://github.com/shadow-maint/shadow/blob/15be89f89d553c06d52453721ee8e9a8433cfdfd/libmisc/setupenv.c#L263