* bug#40550: zsh: sudo is not setuid
@ 2020-04-11 10:10 Alexandru-Sergiu Marton
2020-04-11 19:38 ` Efraim Flashner
0 siblings, 1 reply; 9+ messages in thread
From: Alexandru-Sergiu Marton @ 2020-04-11 10:10 UTC (permalink / raw)
To: 40550
Hi,

I changed my default shell to zsh with the following line added to
my user-account record in my config.scm:

  (shell #~(string-append #$zsh "/bin/zsh"))

After reconfiguring the system and rebooting, when I try to run sudo or
su (I guess this problem appears for everything in %setuid-programs), I
get a message saying it isn't actually a setuid program.

I'm writing this from a reconfigured system started at the same point as
the zsh one started, but with bash. Here I don't have that problem --
setuid programs work as expected.

Steps to reproduce:
- $ guix pull
- Change the default shell to zsh in your config.scm, as presented
  above.
- $ sudo guix system reconfigure config.scm
- Reboot.
- Try to run sudo or su. It should give you an error.

Cheers,
Sergiu
* bug#40550: zsh: sudo is not setuid
2020-04-11 10:10 bug#40550: zsh: sudo is not setuid Alexandru-Sergiu Marton
@ 2020-04-11 19:38 ` Efraim Flashner
2020-04-13 4:46 ` Alexandru-Sergiu Marton
0 siblings, 1 reply; 9+ messages in thread
From: Efraim Flashner @ 2020-04-11 19:38 UTC (permalink / raw)
To: Alexandru-Sergiu Marton; +Cc: 40550
On Sat, Apr 11, 2020 at 01:10:17PM +0300, Alexandru-Sergiu Marton wrote:
> Hi,
>
> I changed my default shell to zsh with the following line added to
> my user-account record in my config.scm:
>
> (shell #~(string-append #$zsh "/bin/zsh"))
>
> After reconfiguring the system and rebooting, when I try to run sudo or
> su (I guess this problem appears for everything in %setuid-programs), I
> get a message saying it isn't actually a setuid program.
>
> I'm writing this from a reconfigured system started at the same point as
> the zsh one started, but with bash. Here I don't have that problem --
> setuid programs work as expected.
>
> Steps to reproduce:
> - $ guix pull
> - Change the default shell to zsh in your config.scm, as presented
> above.
> - $ sudo guix system reconfigure config.scm
> - Reboot.
> - Try to run sudo or su. It should give you an error.

Do you have sudo installed in a profile? /run/setuid-programs/sudo
should be the first 'sudo' in your PATH regardless of the shell. What's
the contents of your $PATH?

(ins)efraim@E5400 ~$ which -a sudo
/run/setuid-programs/sudo
/run/current-system/profile/bin/sudo
(ins)efraim@E5400 ~$ guix environment --ad-hoc zsh
substitute: updating substitutes from 'http://192.168.1.183:3000'... 100.0%
substitute: updating substitutes from 'http://192.168.1.217:3000'... 100.0%
substitute: updating substitutes from 'https://ci.guix.gnu.org'... 100.0%
substitute: updating substitutes from 'https://bayfront.guix.gnu.org'... 100.0%
The following derivation will be built:
/gnu/store/yfqfk66vl1s6av45a92ml5l60d2kaxyk-profile.drv
2.1 MB will be downloaded:
/gnu/store/icyx0ynnaaradzzxfqyjrwy0x545zdn5-zsh-5.8
The following profile hooks will be built:
/gnu/store/8kim2ay78nrlgpdks734hridk21waxhc-fonts-dir.drv
/gnu/store/fxdkr919viih72p9s2zkiadgj7r182d1-info-dir.drv
/gnu/store/ml3s254v7zf4dmwmfpc59clr0xgllsbn-ca-certificate-bundle.drv
/gnu/store/rvd1xybadpnzwlm1qz7iqcsky1dj2myw-manual-database.drv
downloading from https://ci.guix.gnu.org/nar/lzip/icyx0ynnaaradzzxfqyjrwy0x545zdn5-zsh-5.8...
zsh-5.8 2.0MiB 1.6MiB/s 00:01 [##################] 100.0%
building CA certificate bundle...
building fonts directory...
building directory of Info manuals...
building database for manual pages...
building profile with 1 package...
(ins)efraim@E5400 ~ [env]$ zsh
E5400% which -a sudo
/run/setuid-programs/sudo
/run/current-system/profile/bin/sudo
--
Efraim Flashner <efraim@flashner.co.il> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
* bug#40550: zsh: sudo is not setuid
2020-04-11 19:38 ` Efraim Flashner
@ 2020-04-13 4:46 ` Alexandru-Sergiu Marton
2020-04-13 5:01 ` Alexandru-Sergiu Marton
2020-04-13 17:55 ` Leo Famulari
0 siblings, 2 replies; 9+ messages in thread
From: Alexandru-Sergiu Marton @ 2020-04-13 4:46 UTC (permalink / raw)
To: Efraim Flashner, Alexandru-Sergiu Marton; +Cc: 40550
On Sun Apr 12, 2020 at 1:38 AM PST, Efraim Flashner wrote:
> Do you have sudo installed in a profile? /run/setuid-programs/sudo
> should be the first 'sudo' in your PATH regardless of the shell. What's
> the contents of your $PATH?

This is my $PATH in zsh:
/home/brown/bin:/home/brown/.local/bin:/home/brown/.guix-profile/bin:/home/brown/.guix-profile/sbin:/run/current-system/profile/bin

> (ins)efraim@E5400 ~$ which -a sudo
> /run/setuid-programs/sudo
> /run/current-system/profile/bin/sudo

$ which -a sudo
/run/current-system/profile/bin/sudo

BUT!

$ ls /run/setuid-programs/
dbus-daemon-launch-helper  newuidmap  pkexec                 sudoedit
fusermount                 passwd     polkit-agent-helper-1  umount
mount                      ping       su
newgidmap                  ping6      sudo

So it looks like it's a problem with my PATH. While in bash I don't
append /run/setuid-programs to it manually, yet bash recognizes the
setuid programs. I'll probably add /run/setuid-programs by hand but I'm
wondering why it doesn't work by default.

Thanks,
Sergiu
* bug#40550: zsh: sudo is not setuid
2020-04-13 4:46 ` Alexandru-Sergiu Marton
@ 2020-04-13 5:01 ` Alexandru-Sergiu Marton
2020-04-13 17:55 ` Leo Famulari
1 sibling, 0 replies; 9+ messages in thread
From: Alexandru-Sergiu Marton @ 2020-04-13 5:01 UTC (permalink / raw)
To: Alexandru-Sergiu Marton, Efraim Flashner, Alexandru-Sergiu Marton; +Cc: 40550
Just a few more details. If I boot into a system config with bash as the
default shell, this is my $PATH:

/home/brown/.guix-profile/bin:/home/brown/.guix-profile/sbin:/home/brown/bin:/home/brown/.local/bin:/home/brown/.guix-profile/bin:/home/brown/.guix-profile/sbin:/run/setuid-programs:/home/brown/.config/guix/current/bin:/home/brown/.guix-profile/bin:/home/brown/.guix-profile/sbin:/run/current-system/profile/bin:/run/current-system/profile/sbin

If I get zsh through an environment, my PATH still has
/run/setuid-programs in it.

[brown@121408 ~]$ guix environment --ad-hoc zsh
[brown@121408 ~][env]$ zsh
[brown@121408 ~]$ echo $PATH
/home/brown/.guix-profile/bin:/home/brown/.guix-profile/sbin:/gnu/store/anb9bk6qbwhblfr6fqcv6iiq8scyng1i-profile/bin:/home/brown/.guix-profile/bin:/home/brown/.guix-profile/sbin:/home/brown/bin:/home/brown/.local/bin:/home/brown/.guix-profile/bin:/home/brown/.guix-profile/sbin:/run/setuid-programs:/home/brown/.config/guix/current/bin:/home/brown/.guix-profile/bin:/home/brown/.guix-profile/sbin:/run/current-system/profile/bin:/run/current-system/profile/sbin
[brown@121408 ~]$ which -a sudo
/run/setuid-programs/sudo
/run/current-system/profile/bin/sudo

So my problem happens only when setting zsh as an account's default
shell.
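
Added example (not part of any message in this thread): a POSIX sh check of what the two PATH values above imply, namely which copy of a command is found first and whether that copy has the setuid bit. The function names and the temporary fixture are constructed for illustration; the fixture directories stand in for /run/setuid-programs and /run/current-system/profile/bin.

```shell
#!/bin/sh
# Added example: which copy of a command does a PATH resolve to, and does
# that copy carry the setuid bit? Function names are illustrative.

# list_matches CMD PATHSTRING
# Prints "<setuid|plain> <file>" for every executable match, in PATH order.
# The body is a subshell so the IFS and globbing changes stay local.
list_matches() (
    IFS=:
    set -f
    for dir in $2; do
        [ -n "$dir" ] || dir=.          # an empty PATH entry means "."
        f=$dir/$1
        [ -f "$f" ] && [ -x "$f" ] || continue
        if [ -u "$f" ]; then echo "setuid $f"; else echo "plain $f"; fi
    done
)

# first_is_setuid CMD PATHSTRING
# Returns 0 if the first match is setuid, 1 if it is not, 2 if nothing matches.
first_is_setuid() {
    case $(list_matches "$1" "$2" | head -n 1) in
        "setuid "*) return 0 ;;
        "plain "*)  return 1 ;;
        *)          return 2 ;;
    esac
}

# Constructed fixture standing in for /run/setuid-programs and
# /run/current-system/profile/bin; both hold a file named "sudo".
fixture=$(mktemp -d)
trap 'rm -rf "$fixture"' EXIT
mkdir "$fixture/setuid-programs" "$fixture/profile-bin"
: > "$fixture/setuid-programs/sudo"; chmod 4755 "$fixture/setuid-programs/sudo"
: > "$fixture/profile-bin/sudo";     chmod 0755 "$fixture/profile-bin/sudo"

with_wrappers="$fixture/setuid-programs:$fixture/profile-bin"  # bash login case
without_wrappers="$fixture/profile-bin"                        # zsh login case

list_matches sudo "$with_wrappers"
list_matches sudo "$without_wrappers"
```

On a real system, `list_matches sudo "$PATH"` gives the same per-entry view as `which -a sudo`, with the setuid bit shown for each match.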
* bug#40550: zsh: sudo is not setuid
2020-04-13 4:46 ` Alexandru-Sergiu Marton
2020-04-13 5:01 ` Alexandru-Sergiu Marton
@ 2020-04-13 17:55 ` Leo Famulari
2020-04-13 19:14 ` Leo Famulari
1 sibling, 1 reply; 9+ messages in thread
From: Leo Famulari @ 2020-04-13 17:55 UTC (permalink / raw)
To: Alexandru-Sergiu Marton; +Cc: Alexandru-Sergiu Marton, 40550
On Mon, Apr 13, 2020 at 07:46:58AM +0300, Alexandru-Sergiu Marton wrote:
> On Sun Apr 12, 2020 at 1:38 AM PST, Efraim Flashner wrote:
> > Do you have sudo installed in a profile? /run/setuid-programs/sudo
> > should be the first 'sudo' in your PATH regardless of the shell. What's
> > the contents of your $PATH?
>
> This is my $PATH in zsh:
> /home/brown/bin:/home/brown/.local/bin:/home/brown/.guix-profile/bin:/home/brown/.guix-profile/sbin:/run/current-system/profile/bin

Setting up Zsh should definitely work when creating a new user's home
directory, but maybe it doesn't do the right thing when changing a
user's shell after the home directory has already been created. We
should look into that.

Please copy the contents of '/etc/skel/.zprofile' to your zprofile file
and check for the /run/setuid-programs in your $PATH after logging in
again with `zsh --login`.
* bug#40550: zsh: sudo is not setuid
2020-04-13 17:55 ` Leo Famulari
@ 2020-04-13 19:14 ` Leo Famulari
2020-04-17 5:45 ` Alexandru-Sergiu Marton
2020-04-17 7:58 ` Alexandru-Sergiu Marton
0 siblings, 2 replies; 9+ messages in thread
From: Leo Famulari @ 2020-04-13 19:14 UTC (permalink / raw)
To: Alexandru-Sergiu Marton; +Cc: Alexandru-Sergiu Marton, 40550
On Mon, Apr 13, 2020 at 01:55:55PM -0400, Leo Famulari wrote:
> Setting up Zsh should definitely work when creating a new user's home
> directory, but maybe it doesn't do the right thing when changing a
> user's shell after the home directory has already been created. We
> should look into that.

I tested it, and if the file ~/.zprofile already exists when Guix tries
to set up its own ~/.zprofile, then nothing is done. Maybe you already
had a ~/.zprofile?
* bug#40550: zsh: sudo is not setuid
2020-04-13 19:14 ` Leo Famulari
@ 2020-04-17 5:45 ` Alexandru-Sergiu Marton
2020-04-17 7:58 ` Alexandru-Sergiu Marton
1 sibling, 0 replies; 9+ messages in thread
From: Alexandru-Sergiu Marton @ 2020-04-17 5:45 UTC (permalink / raw)
To: Leo Famulari; +Cc: Alexandru-Sergiu Marton, 40550
On Mon Apr 13, 2020 at 6:14 PM PST, Leo Famulari wrote:
> I tested it, and if the file ~/.zprofile already exists when Guix tries
> to set up its own ~/.zprofile, then nothing is done. Maybe you already
> had a ~/.zprofile?

Yes. That should be the problem then. It is confusing though, because I
didn't think for a second that might affect it. How is this set up on
bash? It doesn't look like there is any place where /run/setuid-programs
is appended to PATH in any of my bash files.
* bug#40550: zsh: sudo is not setuid
2020-04-13 19:14 ` Leo Famulari
2020-04-17 5:45 ` Alexandru-Sergiu Marton
@ 2020-04-17 7:58 ` Alexandru-Sergiu Marton
2020-04-17 14:44 ` Efraim Flashner
1 sibling, 1 reply; 9+ messages in thread
From: Alexandru-Sergiu Marton @ 2020-04-17 7:58 UTC (permalink / raw)
To: Leo Famulari; +Cc: Alexandru-Sergiu Marton, 40550
On Mon Apr 13, 2020 at 6:14 PM PST, Leo Famulari wrote:
> I tested it, and if the file ~/.zprofile already exists when Guix tries
> to set up its own ~/.zprofile, then nothing is done. Maybe you already
> had a ~/.zprofile?

What does "when Guix tries to set up its own ~/.zprofile" exactly mean?
When should that happen? I tried reconfiguring my system to use zsh and
I deleted my ~/.zprofile prior to that, but after the reconfiguration
there was no new ~/.zprofile created in my home dir.

Currently I append /run/setuid-programs manually to my PATH to get
around this issue.
* bug#40550: zsh: sudo is not setuid
2020-04-17 7:58 ` Alexandru-Sergiu Marton
@ 2020-04-17 14:44 ` Efraim Flashner
0 siblings, 0 replies; 9+ messages in thread
From: Efraim Flashner @ 2020-04-17 14:44 UTC (permalink / raw)
To: Alexandru-Sergiu Marton; +Cc: Alexandru-Sergiu Marton, 40550
On Fri, Apr 17, 2020 at 10:58:52AM +0300, Alexandru-Sergiu Marton wrote:
> On Mon Apr 13, 2020 at 6:14 PM PST, Leo Famulari wrote:
> > I tested it, and if the file ~/.zprofile already exists when Guix tries
> > to set up its own ~/.zprofile, then nothing is done. Maybe you already
> > had a ~/.zprofile?
>
> What does "when Guix tries to set up its own ~/.zprofile" exactly mean?
> When should that happen? I tried reconfiguring my system to use zsh and
> I deleted my ~/.zprofile prior to that, but after the reconfiguration
> there was no new ~/.zprofile created in my home dir.

I believe it would only insert a new .zprofile when a new user is
created. zprofile is in (gnu system shadow) and currently it only
sources /etc/profile.

>
> Currently I append /run/setuid-programs manually to my PATH to get
> around this issue.
--
Efraim Flashner <efraim@flashner.co.il> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted