GNU bug report logs -
#40550
Shell skeletons not working as expected
Previous Next
To reply to this bug, email your comments to 40550 AT debbugs.gnu.org.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-guix <at> gnu.org:
bug#40550; Package
guix.
(Sat, 11 Apr 2020 10:21:01 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Alexandru-Sergiu Marton <brown121407 <at> member.fsf.org>:
New bug report received and forwarded. Copy sent to
bug-guix <at> gnu.org.
(Sat, 11 Apr 2020 10:21:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Hi,
I changed my default shell to zsh with the following line added to
my user-account record in my config.scm:
(shell #~(string-append #$zsh "/bin/zsh"))
After reconfiguring the system and rebooting, when I try to run sudo or
su (I guess this problem appears for every thing in %setuid-programs), I
get a message saying it isn't actually a setuid program.
I'm writing this from a reconfigured system started at the same point as
the zsh one started, but with bash. Here I don't have that problem --
setuid programs work as expected.
Steps to reproduce:
- $ guix pull
- Change the default shell to zsh in your config.scm, as presented
above.
- $ sudo guix system reconfigure config.scm
- Reboot.
- Try to run sudo or su. It should give you an error.
Cheers,
Sergiu
Information forwarded
to
bug-guix <at> gnu.org:
bug#40550; Package
guix.
(Sat, 11 Apr 2020 19:39:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 40550 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On Sat, Apr 11, 2020 at 01:10:17PM +0300, Alexandru-Sergiu Marton wrote:
> Hi,
>
> I changed my default shell to zsh with the following line added to
> my user-account record in my config.scm:
>
> (shell #~(string-append #$zsh "/bin/zsh"))
>
> After reconfiguring the system and rebooting, when I try to run sudo or
> su (I guess this problem appears for every thing in %setuid-programs), I
> get a message saying it isn't actually a setuid program.
>
> I'm writing this from a reconfigured system started at the same point as
> the zsh one started, but with bash. Here I don't have that problem --
> setuid programs work as expected.
>
> Steps to reproduce:
> - $ guix pull
> - Change the default shell to zsh in your config.scm, as presented
> above.
> - $ sudo guix system reconfigure config.scm
> - Reboot.
> - Try to run sudo or su. It should give you an error.
Do you have sudo installed in a profile? /run/setuid-programs/sudo
should be the first 'sudo' in your PATH regardless of the shell. What's
the contents of your $PATH?
(ins)efraim <at> E5400 ~$ which -a sudo
/run/setuid-programs/sudo
/run/current-system/profile/bin/sudo
(ins)efraim <at> E5400 ~$ guix environment --ad-hoc zsh
substitute: updating substitutes from 'http://192.168.1.183:3000'... 100.0%
substitute: updating substitutes from 'http://192.168.1.217:3000'... 100.0%
substitute: updating substitutes from 'https://ci.guix.gnu.org'... 100.0%
substitute: updating substitutes from 'https://bayfront.guix.gnu.org'... 100.0%
The following derivation will be built:
/gnu/store/yfqfk66vl1s6av45a92ml5l60d2kaxyk-profile.drv
2.1 MB will be downloaded:
/gnu/store/icyx0ynnaaradzzxfqyjrwy0x545zdn5-zsh-5.8
The following profile hooks will be built:
/gnu/store/8kim2ay78nrlgpdks734hridk21waxhc-fonts-dir.drv
/gnu/store/fxdkr919viih72p9s2zkiadgj7r182d1-info-dir.drv
/gnu/store/ml3s254v7zf4dmwmfpc59clr0xgllsbn-ca-certificate-bundle.drv
/gnu/store/rvd1xybadpnzwlm1qz7iqcsky1dj2myw-manual-database.drv
downloading from https://ci.guix.gnu.org/nar/lzip/icyx0ynnaaradzzxfqyjrwy0x545zdn5-zsh-5.8...
zsh-5.8 2.0MiB 1.6MiB/s 00:01 [##################] 100.0%
building CA certificate bundle...
building fonts directory...
building directory of Info manuals...
building database for manual pages...
building profile with 1 package...
(ins)efraim <at> E5400 ~ [env]$ zsh
E5400% which -a sudo
/run/setuid-programs/sudo
/run/current-system/profile/bin/sudo
--
Efraim Flashner <efraim <at> flashner.co.il> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
bug-guix <at> gnu.org:
bug#40550; Package
guix.
(Mon, 13 Apr 2020 04:55:02 GMT)
Full text and
rfc822 format available.
Message #11 received at 40550 <at> debbugs.gnu.org (full text, mbox):
On Sun Apr 12, 2020 at 1:38 AM PST, Efraim Flashner wrote:
> Do you have sudo installed in a profile? /run/setuid-programs/sudo
> should be the first 'sudo' in your PATH regardless of the shell. What's
> the contents of your $PATH?
This is my $PATH in zsh:
/home/brown/bin:/home/brown/.local/bin:/home/brown/.guix-profile/bin:/home/brown/.guix-profile/sbin:/run/current-system/profile/bin
> (ins)efraim <at> E5400 ~$ which -a sudo
> /run/setuid-programs/sudo
> /run/current-system/profile/bin/sudo
$ which -a sudo
/run/current-system/profile/bin/sudo
BUT!
$ ls /run/setuid-programs/
dbus-daemon-launch-helper newuidmap pkexec sudoedit
fusermount passwd polkit-agent-helper-1 umount
mount ping su
newgidmap ping6 sudo
So it looks like it's a problem with my PATH. While in bash I don't
append /run/setuid-programs to it manually, yet bash recognizes the
setuid programs. I'll probably add /run/setuid-programs by hand but I'm
wondering why doesn't it work by default.
Thanks,
Sergiu
Information forwarded
to
bug-guix <at> gnu.org:
bug#40550; Package
guix.
(Mon, 13 Apr 2020 05:04:01 GMT)
Full text and
rfc822 format available.
Message #14 received at 40550 <at> debbugs.gnu.org (full text, mbox):
Just a few more details. If I boot into a system config with bash as the
default shell, this is my $PATH:
/home/brown/.guix-profile/bin:/home/brown/.guix-profile/sbin:/home/brown/bin:/home/brown/.local/bin:/home/brown/.guix-profile/bin:/home/brown/.guix-profile/sbin:/run/setuid-programs:/home/brown/.config/guix/current/bin:/home/brown/.guix-profile/bin:/home/brown/.guix-profile/sbin:/run/current-system/profile/bin:/run/current-system/profile/sbin
If I get zsh through an environment, my PATH still has
/run/setuid-programs in it.
[brown <at> 121408 ~]$ guix environment --ad-hoc zsh
[brown <at> 121408 ~][env]$ zsh
[brown <at> 121408 ~]$ echo $PATH
/home/brown/.guix-profile/bin:/home/brown/.guix-profile/sbin:/gnu/store/anb9bk6qbwhblfr6fqcv6iiq8scyng1i-profile/bin:/home/brown/.guix-profile/bin:/home/brown/.guix-profile/sbin:/home/brown/bin:/home/brown/.local/bin:/home/brown/.guix-profile/bin:/home/brown/.guix-profile/sbin:/run/setuid-programs:/home/brown/.config/guix/current/bin:/home/brown/.guix-profile/bin:/home/brown/.guix-profile/sbin:/run/current-system/profile/bin:/run/current-system/profile/sbin
[brown <at> 121408 ~]$ which -a sudo
/run/setuid-programs/sudo
/run/current-system/profile/bin/sudo
So my problem happens only when setting zsh as an account's default
shell.
Information forwarded
to
bug-guix <at> gnu.org:
bug#40550; Package
guix.
(Mon, 13 Apr 2020 17:57:01 GMT)
Full text and
rfc822 format available.
Message #17 received at 40550 <at> debbugs.gnu.org (full text, mbox):
On Mon, Apr 13, 2020 at 07:46:58AM +0300, Alexandru-Sergiu Marton wrote:
> On Sun Apr 12, 2020 at 1:38 AM PST, Efraim Flashner wrote:
> > Do you have sudo installed in a profile? /run/setuid-programs/sudo
> > should be the first 'sudo' in your PATH regardless of the shell. What's
> > the contents of your $PATH?
>
> This is my $PATH in zsh:
> /home/brown/bin:/home/brown/.local/bin:/home/brown/.guix-profile/bin:/home/brown/.guix-profile/sbin:/run/current-system/profile/bin
Setting up Zsh should definitely work when creating a new user's home
directory, but maybe it doesn't do the right thing when changing a
user's shell after the home directory has already been created. We
should look into that.
Please copy the contents of '/etc/skel/.zprofile' to your zprofile file
and check for the /run/setuid-programs in your $PATH after logging in
again with `zsh --login`.
Changed bug title to '"Shell skeletons not working as expected"' from 'zsh: sudo is not setuid'
Request was from
Leo Famulari <leo <at> famulari.name>
to
control <at> debbugs.gnu.org.
(Mon, 13 Apr 2020 17:57:02 GMT)
Full text and
rfc822 format available.
Changed bug title to 'Shell skeletons not working as expected' from '"Shell skeletons not working as expected"'
Request was from
Leo Famulari <leo <at> famulari.name>
to
control <at> debbugs.gnu.org.
(Mon, 13 Apr 2020 18:03:01 GMT)
Full text and
rfc822 format available.
Information forwarded
to
bug-guix <at> gnu.org:
bug#40550; Package
guix.
(Mon, 13 Apr 2020 19:15:02 GMT)
Full text and
rfc822 format available.
Message #24 received at 40550 <at> debbugs.gnu.org (full text, mbox):
On Mon, Apr 13, 2020 at 01:55:55PM -0400, Leo Famulari wrote:
> Setting up Zsh should definitely work when creating a new user's home
> directory, but maybe it doesn't do the right thing when changing a
> user's shell after the home directory has already been created. We
> should look into that.
I tested it, and if the file ~/.zprofile already exists when Guix tries
to set up its own ~/.zprofile, then nothing is done. Maybe you already
had a ~/.zprofile?
Information forwarded
to
bug-guix <at> gnu.org:
bug#40550; Package
guix.
(Fri, 17 Apr 2020 06:50:01 GMT)
Full text and
rfc822 format available.
Message #27 received at 40550 <at> debbugs.gnu.org (full text, mbox):
On Mon Apr 13, 2020 at 6:14 PM PST, Leo Famulari wrote:
> I tested it, and if the file ~/.zprofile already exists when Guix tries
> to set up its own ~/.zprofile, then nothing is done. Maybe you already
> had a ~/.zprofile?
Yes. That should be the problem then. It is confusing though, because I
didn't think for a second that might affect it. How is this set up on
bash? It doesn't look like there is any place where /run/setuid-programs
is appended to PATH in any of my bash files.
Information forwarded
to
bug-guix <at> gnu.org:
bug#40550; Package
guix.
(Fri, 17 Apr 2020 08:00:02 GMT)
Full text and
rfc822 format available.
Message #30 received at 40550 <at> debbugs.gnu.org (full text, mbox):
On Mon Apr 13, 2020 at 6:14 PM PST, Leo Famulari wrote:
> I tested it, and if the file ~/.zprofile already exists when Guix tries
> to set up its own ~/.zprofile, then nothing is done. Maybe you already
> had a ~/.zprofile?
What does "when Guix tries to set up its own ~/.zprofile" exactly mean?
When should that happen? I tried reconfiguring my system to use zsh and
I deleted my ~/.zprofile prior to that, but after the reconfiguration
there was no new ~/.zprofile created in my home dir.
Currently I append /run/setuid-programs manually to my PATH to get
around this issue.
Information forwarded
to
bug-guix <at> gnu.org:
bug#40550; Package
guix.
(Fri, 17 Apr 2020 14:46:01 GMT)
Full text and
rfc822 format available.
Message #33 received at 40550 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On Fri, Apr 17, 2020 at 10:58:52AM +0300, Alexandru-Sergiu Marton wrote:
> On Mon Apr 13, 2020 at 6:14 PM PST, Leo Famulari wrote:
> > I tested it, and if the file ~/.zprofile already exists when Guix tries
> > to set up its own ~/.zprofile, then nothing is done. Maybe you already
> > had a ~/.zprofile?
>
> What does "when Guix tries to set up its own ~/.zprofile" exactly mean?
> When should that happen? I tried reconfiguring my system to use zsh and
> I deleted my ~/.zprofile prior to that, but after the reconfiguration
> there was no new ~/.zprofile created in my home dir.
I believe it would only insert a new .zprofile when a new user is
created. zprofile is in (gnu system shadow) and currently it only
sources /etc/profile.
>
> Currently I append /run/setuid-programs manually to my PATH to get
> around this issue.
--
Efraim Flashner <efraim <at> flashner.co.il> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 5 years and 63 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.