GNU bug report logs -
#55892
[PATCH] pull: Fail if cache directory ownership is suspect.
Reported by: Tobias Geerinckx-Rice <me <at> tobias.gr>
Date: Fri, 10 Jun 2022 16:08:01 UTC
Severity: normal
Tags: patch
Done: Tobias Geerinckx-Rice <me <at> tobias.gr>
Bug is archived. No further changes may be made.
New users frequently run ‘sudo guix pull’ which breaks subsequent
unprivileged ‘guix pull’s until manually fixed with chmod -R.
* guix/scripts/pull.scm (guix-pull): Fail if the cache directory (or
its innermost extant parent) is not owned by the user pulling the Guix,
with a hint about ‘sudo -i’.
---
Hi Guix,
Another one in the ‘low-level support noise paper-cut’ series.
The XXX comment would not land upstream, I think.
I didn't test this on a foreign distribution. My understanding is
that distributions where sudo already defaults to ‘-i’ won't throw
the warning nor suffer from the problem.
Kind regards,
T G-R
guix/scripts/pull.scm | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/guix/scripts/pull.scm b/guix/scripts/pull.scm
index f01764637b..1eaf8f087b 100644
--- a/guix/scripts/pull.scm
+++ b/guix/scripts/pull.scm
@@ -49,6 +49,7 @@ (define-module (guix scripts pull)
#:autoload (gnu packages bootstrap) (%bootstrap-guile)
#:autoload (gnu packages certs) (le-certs)
#:use-module (srfi srfi-1)
+ #:use-module (srfi srfi-11)
#:use-module (srfi srfi-26)
#:use-module (srfi srfi-34)
#:use-module (srfi srfi-35)
@@ -810,6 +811,31 @@ (define (no-arguments arg _)
((assoc-ref opts 'generation)
(process-generation-change opts profile))
(else
+ ;; Bail out early when users accidentally run, e.g., ’sudo guix pull’.
+ ;; If CACHE-DIRECTORY doesn't yet exist, test where it would end up.
+ (let-values (((st dir) (let loop ((dir (cache-directory)))
+ (let ((st (stat dir #f)))
+ (if st
+ (values (stat dir #f) dir)
+ (loop (dirname dir)))))))
+ (let ((dir:uid (stat:uid st))
+ (our:uid (getuid)))
+ (unless (= dir:uid our:uid)
+ (let ((our:user (passwd:name (getpwuid our:uid)))
+ (dir:user (passwd:name (getpwuid dir:uid))))
+ (raise
+ (condition
+ (&message
+ (message
+ (format #f (G_ "directory ‘~a’ is not owned by user ~a")
+ dir dir:user)))
+ (&fix-hint
+ (hint
+ ;; XXX We could check (getenv "SUDO_USER") to display this
+ ;; only under sudo, but that would imply handling doas… &c.
+ (format #f (G_ "You should run this command as ~a; use ‘sudo -i’ or equivalent if you really want to pull as ~a.")
+ dir:user our:user)))))))))
+
(with-store store
(with-status-verbosity (assoc-ref opts 'verbosity)
(parameterize ((%current-system (assoc-ref opts 'system))
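Review bot: in the &message format call, the second argument should be our:user rather than dir:user. The directory is owned by dir:user, so as written ‘sudo guix pull’ would print "directory ‘…’ is not owned by user" followed by the name of the user who does own it. Separately, in the loop, (values (stat dir #f) dir) stats the path a second time although st is already bound; returning (values st dir) drops the extra call and closes the window in which the directory could vanish between the two calls and hand #f to stat:uid. The two getpwuid lookups are also unguarded: an owner UID with no passwd entry would raise from getpwuid instead of producing this message, so falling back to the numeric UID there would keep the check usable.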
--
2.36.1
This bug report was last modified 3 years and 31 days ago.