From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bug-guix-bounces+larch=yhetil.org@gnu.org>
Received: from mp1 ([2001:41d0:2:4a6f::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms11 with LMTPS
	id Tpq/C6bjQl9DNQAA0tVLHw
	(envelope-from <bug-guix-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Sun, 23 Aug 2020 21:46:14 +0000
Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp1 with LMTPS
	id 0G8YB6bjQl+nEQAAbx9fmQ
	(envelope-from <bug-guix-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Sun, 23 Aug 2020 21:46:14 +0000
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id DE6B89404C5
	for <larch@yhetil.org>; Sun, 23 Aug 2020 21:46:12 +0000 (UTC)
Received: from localhost ([::1]:50522 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-guix-bounces+larch=yhetil.org@gnu.org>)
	id 1k9xoX-00009W-Sp
	for larch@yhetil.org; Sun, 23 Aug 2020 17:46:09 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:58296)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1k9xoQ-00009M-9e
 for bug-guix@gnu.org; Sun, 23 Aug 2020 17:46:02 -0400
Received: from debbugs.gnu.org ([209.51.188.43]:43727)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1k9xoQ-0001kT-05
 for bug-guix@gnu.org; Sun, 23 Aug 2020 17:46:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1k9xoP-0002HX-Uc
 for bug-guix@gnu.org; Sun, 23 Aug 2020 17:46:01 -0400
X-Loop: help-debbugs@gnu.org
Subject: bug#42983: "sudo -E guix pull" breaks ~/.config/guix/current for
 regular user
Resent-From: Leo Famulari <leo@famulari.name>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-guix@gnu.org
Resent-Date: Sun, 23 Aug 2020 21:46:01 +0000
Resent-Message-ID: <handler.42983.B42983.15982191578759@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 42983
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: Danny Milosavljevic <dannym@scratchpost.org>
Received: via spool by 42983-submit@debbugs.gnu.org id=B42983.15982191578759
 (code B ref 42983); Sun, 23 Aug 2020 21:46:01 +0000
Received: (at 42983) by debbugs.gnu.org; 23 Aug 2020 21:45:57 +0000
Received: from localhost ([127.0.0.1]:55273 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1k9xoK-0002HD-VW
 for submit@debbugs.gnu.org; Sun, 23 Aug 2020 17:45:57 -0400
Received: from out2-smtp.messagingengine.com ([66.111.4.26]:57281)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@famulari.name>) id 1k9xoJ-0002H0-OS
 for 42983@debbugs.gnu.org; Sun, 23 Aug 2020 17:45:56 -0400
Received: from compute2.internal (compute2.nyi.internal [10.202.2.42])
 by mailout.nyi.internal (Postfix) with ESMTP id 628595C0041;
 Sun, 23 Aug 2020 17:45:50 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163])
 by compute2.internal (MEProxy); Sun, 23 Aug 2020 17:45:50 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
 h=date:from:to:cc:subject:message-id:references:mime-version
 :content-type:in-reply-to; s=mesmtp; bh=2LDSMpreXb4pR/imNvQ767Tq
 X8Wiq2b7BGc40O4PQpA=; b=sDFNH0RpMdo0BwD9l2CFaUBeefnYzyBH5mQTkA+F
 Gx2ae+ajaWqIz9J9HGuFNWNDuVvy7SGWSZGg2daaHBUUAjSVHg5g/aO3JugTE3k+
 dZnX3jwBha+FG7SEuVdafigXFil5fXfW2ygt55Xl0JyR8/5jo/vwjefSq97rkQaW
 0q4=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-type:date:from:in-reply-to
 :message-id:mime-version:references:subject:to:x-me-proxy
 :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=2LDSMp
 reXb4pR/imNvQ767TqX8Wiq2b7BGc40O4PQpA=; b=UxQ0hoTbPidx/gokpUfGfR
 Hm8DDPPLdreV9aal1qjpP6izKCqyF4IXuruQqzOiyjpzAfZUrgIS+fDkpgx8fzQd
 AI7qy5l7VIgIkU8zbxtBXKmygfTjBupQoJt2GO9TX553Mj8+GpShDbLerrxAUt6X
 aCfFlNb/pPW/+OlTc3YNy2f1kePVL7G293PN7rBzx/FiGt7yRclTBpgSTH8UyryQ
 Geq2ENEFy2DBL4/ZGe12sDjz60GqCGkgIvdZJa7rjhB6uWGebXqeXaRkXv2Fq/lr
 IUHrmL/hFxBRkUeIiT5bl7gK3f3oVGv41rM0NqQ53tr4lXz+2AFv8HQsX18BPx0Q
 ==
X-ME-Sender: <xms:jeNCX6-OSQMbKFniAU55EKh_zWY2GPk5m3cgMCGuRuzX8AYYEdf08Q>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduiedrudduiedgudehfecutefuodetggdotefrod
 ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh
 necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd
 enucfjughrpeffhffvuffkfhggtggujgesghdtreertddtvdenucfhrhhomhepnfgvohcu
 hfgrmhhulhgrrhhiuceolhgvohesfhgrmhhulhgrrhhirdhnrghmvgeqnecuggftrfgrth
 htvghrnhepudekveegteekleetgfeitdejgfejkeffudethedvhfeukeduleeikeejfeeh
 ffetnecukfhppeejfedrudeguddruddvjedrudegieenucevlhhushhtvghrufhiiigvpe
 dtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehlvghosehfrghmuhhlrghrihdrnhgrmhgv
X-ME-Proxy: <xmx:jeNCX6sWzQ9NUySNGjqKNrMUQ6JRQB0FXiNMyg8Dhwh8vOOMTRaUKQ>
 <xmx:jeNCXwChtCMattwgMwZHQitZawIBykV3ANPHYODIEyUiHeDdcGKemg>
 <xmx:jeNCXyf5cS3CsO2sImQatzE3OTT6GZBfkkaOeSFvVDcfbcUbtP5bQQ>
 <xmx:juNCX1aAtfgBpnle62xBUtYw8VWnG8pSnInso2LrqfPuQhew-uATEA>
Received: from localhost (c-73-141-127-146.hsd1.pa.comcast.net
 [73.141.127.146])
 by mail.messagingengine.com (Postfix) with ESMTPA id 6C00B30600A9;
 Sun, 23 Aug 2020 17:45:49 -0400 (EDT)
Date: Sun, 23 Aug 2020 17:45:47 -0400
From: Leo Famulari <leo@famulari.name>
Message-ID: <20200823214547.GA30907@jasmine.lan>
References: <20200822122750.78ddc111@scratchpost.org>
 <20200822162241.GA5895@jasmine.lan>
 <20200823232429.13c8c10e@scratchpost.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="+HP7ph2BbKc20aGI"
Content-Disposition: inline
In-Reply-To: <20200823232429.13c8c10e@scratchpost.org>
X-Spam-Score: 0.0 (/)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-Spam-Score: -1.0 (-)
X-BeenThere: bug-guix@gnu.org
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-guix>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=subscribe>
Cc: 42983@debbugs.gnu.org
Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org
Sender: "bug-Guix" <bug-guix-bounces+larch=yhetil.org@gnu.org>
X-Scanner: scn0
Authentication-Results: aspmx1.migadu.com;
	dkim=fail (rsa verify failed) header.d=famulari.name header.s=mesmtp header.b=sDFNH0Rp;
	dkim=fail (rsa verify failed) header.d=messagingengine.com header.s=fm3 header.b=UxQ0hoTb;
	dmarc=none;
	spf=pass (aspmx1.migadu.com: domain of bug-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=bug-guix-bounces@gnu.org
X-Spam-Score: -2.11
X-TUID: fZEUjd9QsfBZ


--+HP7ph2BbKc20aGI
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Aug 23, 2020 at 11:24:43PM +0200, Danny Milosavljevic wrote:
> Paul did not know that it is a per-user operation.
>=20
> I did almost exactly the same thing when I was a new guix user.
> That's pretty much what one is used to from Debian etc.

I see. Coming from Debian, I also had trouble learning the differences
between various options of sudo, and also the differences between login
shells, interactive shells, etc. They don't matter on Debian, but they
do matter for Guix.

> I don't really know whether it should do anything useful, but the current
> situation is seriously weird.

Considering how often people stumble on this, I've been wondering if
Guix should handle privilege escalation internally, rather than asking
users to learn these arcane details of Unix.

Systemd does that. For example, given an operation that requires
privileges, if I attempt to run it without privileges, it will use
polkit (I think) to escalate safely. It's optional and not all distros
enable it by default. It looks like this:

------
$ systemctl restart guix-daemon=20
=3D=3D=3D=3D AUTHENTICATING FOR org.freedesktop.systemd1.manage-units =3D=
=3D=3D
Authentication is required to restart 'guix-daemon.service'.
Authenticating as: leo,,, (leo)
Password:=20
=3D=3D=3D=3D AUTHENTICATION COMPLETE =3D=3D=3D
------

--+HP7ph2BbKc20aGI
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAl9C44sACgkQJkb6MLrK
fwh9iA//c3lD8Q73bJ6+qMUdIzL9yTyqQKGP1ZamIvyvtNluJ73xQfSGu5n93BBm
O5K/kCjeA7bBG08uSTXPULQV7wCnwmdeVusm9+39qFE2mr7w1XlLPULU66K0cTXq
M2Ir1vNxknUsgJ1aLBeN87HbJcwhyy5IjWiBio52+vOrAcnpMD5dWox1iO1Sje/2
kZj6wdSXW7yLpFvpH3nl3A7CHNOFaWH2R0SMUHrsCZMDX3AA3t/pvGfYPTAyZxeO
24U87arxY7z4j1qbXl8LQgGy7YiWN/+85dWFemtnWIFOKjBfaIPD74hJ8ChCyoQc
8pSYPszcQ75SQnhlNX24qK1iZbunCLXTD3uqw6lkvJmr139Wgld87U8b8FMYdbcn
1dQEceE9AVHvrPuH0wWfRLWdkEvr3QCg9zqTIYDMXnbCwGBtHY38CDRb9gbcAgyK
fw069+lnm8rwMRQdAtB88/s7EVUW3hOadsLPTegjJn9Cxy69xcEZrcNfY0za9L7U
B8GZqPxSGGiF7xTavjfzDUuYc5DLnLRRzoYZOoD15CHQ6t1phhhHu5RZkHPphJl+
EoERdVJ8S7AX0ArkJrNjELmQPEHammAWaJDBE20cJ45BESeq8xCLoelyCIPA0Zi6
tXvynFOC5PX+0/G+7K6TW9ONw3JoW6/R7hfJWNGiOyoUxIqHMwM=
=SM4L
-----END PGP SIGNATURE-----

--+HP7ph2BbKc20aGI--