unofficial mirror of help-guix@gnu.org 
From: Leo Famulari <leo@famulari.name>
To: Simon Streit <lists@netpanic.org>
Cc: help-guix@gnu.org
Subject: Re: mount.davfs: program is not setuid root
Date: Mon, 19 Apr 2021 20:47:08 -0400
Message-ID: <YH4kjEP9M1XXWeNy@jasmine.lan>
In-Reply-To: <ygulf9eow4q.fsf@netpanic.org>

On Mon, Apr 19, 2021 at 10:30:13PM +0200, Simon Streit wrote:
> I just tried again, and called mount as:
> --8<---------------cut here---------------start------------->8---
> /run/setuid-programs/mount -t <URL> ~/test/
> --8<---------------cut here---------------end--------------->8---
> where URL is my remote URL share trying to mount it to local test dir,
> where it fails with:
> --8<---------------cut here---------------start------------->8---
> /run/current-system/profile/sbin/mount.davfs: program is not setuid root
> --8<---------------cut here---------------end--------------->8---

So, '/run/setuid-programs/mount' is somehow resolving to
'/run/current-system/profile/sbin/mount.davfs'?

The executables in /run/setuid-programs are not supposed to be links.

They are created while "activating" Guix System by copying the programs
listed in the (setuid-programs) field of config.scm into
/run/setuid-programs and making these copies setuid.

Documentation on that:
https://guix.gnu.org/manual/devel/en/html_node/Setuid-Programs.html

And the code:
https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/build/activation.scm?h=v1.2.0#n229

Can you do `ls -la /run/setuid-programs`, and share the entire output of
that command?

By the way, regarding the default order of $PATH, here is my path from a
VM image created with the "bare bones" template [0] from the Guix source
code:

------
$ `guix system vm gnu/system/examples/bare-bones.tmpl`
[ ... QEMU launches the VM and I log in ...]
$ echo $PATH
/run/setuid-programs:/home/alice/.config/guix/current/bin:/home/alice/.guix-profile/bin/:/run/current-system/profile/bin:/run/current-system/profile/sbin
------

So, you could consider that the default order on Guix System. Annotated:

1) programs specified setuid by the system administrator
2) your user's `guix pull` profile
3) your user's profile of installed packages
4) programs provided via the (packages) field of config.scm (and maybe
from system services?)
5) same as 4, but programs contained in an 'sbin/' directory

[0] https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/system/examples/bare-bones.tmpl?h=v1.2.0
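
Added example (not part of the message above and not Guix code): a shell check for the property the message describes, that every entry in /run/setuid-programs is a real setuid copy rather than a link. The function name audit_setuid_dir and its expected_uid parameter are hypothetical.

```shell
#!/bin/sh
# Audit a directory of setuid copies such as /run/setuid-programs.
# Prints one line per entry: STATUS<TAB>name[<TAB>detail]
# Returns 0 when every entry is OK, 1 otherwise.
# expected_uid defaults to 0 (root); it is a parameter only so the check
# can be tried on a scratch directory without root.
audit_setuid_dir() {
    dir=$1
    expected_uid=${2:-0}
    rc=0
    for f in "$dir"/*; do
        # Skip the unexpanded glob of an empty or missing directory.
        [ -e "$f" ] || [ -L "$f" ] || continue
        name=${f##*/}
        if [ -L "$f" ]; then
            # Executing a link runs its target, so the target's mode bits apply.
            printf 'SYMLINK\t%s\t%s\n' "$name" "$(readlink "$f")"
            rc=1
        elif [ ! -f "$f" ]; then
            printf 'NOT-REGULAR\t%s\n' "$name"
            rc=1
        elif [ ! -u "$f" ]; then
            # Regular file, but the setuid bit is missing.
            printf 'NOT-SETUID\t%s\n' "$name"
            rc=1
        else
            # Numeric owner is the third field of `ls -ldn`.
            owner=$(ls -ldn "$f" | awk '{print $3}')
            if [ "$owner" != "$expected_uid" ]; then
                printf 'WRONG-OWNER\t%s\t%s\n' "$name" "$owner"
                rc=1
            else
                printf 'OK\t%s\n' "$name"
            fi
        fi
    done
    return $rc
}

# Usage: sh audit.sh /run/setuid-programs
if [ "$#" -gt 0 ]; then
    audit_setuid_dir "$@"
fi
```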

