GNU bug report logs - #77288
[PATCH 0/6] Rootless guix-daemon on Guix System

Previous Next

Package: guix-patches;

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Wed, 26 Mar 2025 16:50:01 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

Message #53 received at 77288 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: 77288 <at> debbugs.gnu.org
Cc: Ludovic Courtès <ludo <at> gnu.org>
Subject: [PATCH v2 4/8] services: account: Create
 /var/guix/profiles/per-user/$USER.
Date: Thu, 17 Apr 2025 16:21:39 +0200

* gnu/system/shadow.scm (account-shepherd-service): Create
/var/guix/profiles/per-user/$USER in ‘user-homes’ service.

Change-Id: I22e66e8a34d63686df9bae64c68df65c8889e72a
---
 gnu/system/shadow.scm | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/gnu/system/shadow.scm b/gnu/system/shadow.scm
index b68a818871..d0f1b6b2b1 100644
--- a/gnu/system/shadow.scm
+++ b/gnu/system/shadow.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013-2020, 2022, 2023 Ludovic Courtès <ludo <at> gnu.org>
+;;; Copyright © 2013-2020, 2022-2023, 2025 Ludovic Courtès <ludo <at> gnu.org>
 ;;; Copyright © 2016 Alex Griffin <a <at> ajgrf.com>
 ;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke <at> gnu.org>
 ;;; Copyright © 2020, 2023 Efraim Flashner <efraim <at> flashner.co.il>
@@ -460,6 +460,12 @@ (define (account-shepherd-service accounts+groups)
   (define accounts
     (filter user-account? accounts+groups))
 
+  (define regular-account-names
+    (filter-map (lambda (account)
+                  (and (not (user-account-system? account))
+                       (user-account-name account)))
+                accounts))
+
   ;; Create home directories only once 'file-systems' is up.  This makes sure
   ;; they are created in the right place if /home lives on a separate
   ;; partition.
@@ -480,6 +486,17 @@ (define (account-shepherd-service accounts+groups)
                       (activate-user-home
                        (map sexp->user-account
                             (list #$@(map user-account->gexp accounts))))
+
+                      ;; Create the user's profile directory upfront:
+                      ;; guix-daemon lacks permissions to create it when it is
+                      ;; running as an unprivileged user.
+                      (for-each (lambda (account)
+                                  (let ((profile (in-vicinity
+                                                  "/var/guix/profiles/per-user"
+                                                  account))
+                                        (owner (getpwnam account)))
+                                    (mkdir-p/perms profile owner #o755)))
+                                '#$regular-account-names)
                       #t)))                       ;success
          (documentation "Create user home directories."))))
 
-- 
2.49.0
This bug report was last modified 90 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.