From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <help-guix-bounces+larch=yhetil.org@gnu.org>
Received: from mp2 ([2001:41d0:2:bcc0::])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	by ms0.migadu.com with LMTPS
	id 0DKPIqQkfmDwDgAAgWs5BA
	(envelope-from <help-guix-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Tue, 20 Apr 2021 02:47:32 +0200
Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp2 with LMTPS
	id IHx0HKQkfmAvcwAAB5/wlQ
	(envelope-from <help-guix-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Tue, 20 Apr 2021 00:47:32 +0000
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id C613512F1D
	for <larch@yhetil.org>; Tue, 20 Apr 2021 02:47:31 +0200 (CEST)
Received: from localhost ([::1]:37502 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <help-guix-bounces+larch=yhetil.org@gnu.org>)
	id 1lYeY6-0006M5-0K
	for larch@yhetil.org; Mon, 19 Apr 2021 20:47:30 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:55982)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <leo@famulari.name>) id 1lYeXs-0006Lm-EW
 for help-guix@gnu.org; Mon, 19 Apr 2021 20:47:16 -0400
Received: from wout3-smtp.messagingengine.com ([64.147.123.19]:58891)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <leo@famulari.name>) id 1lYeXp-0003fZ-O9
 for help-guix@gnu.org; Mon, 19 Apr 2021 20:47:16 -0400
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44])
 by mailout.west.internal (Postfix) with ESMTP id 7FB103757;
 Mon, 19 Apr 2021 20:47:11 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163])
 by compute4.internal (MEProxy); Mon, 19 Apr 2021 20:47:11 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
 h=date:from:to:cc:subject:message-id:references:mime-version
 :content-type:in-reply-to; s=mesmtp; bh=cMyCQplFlhn2IGFx5d7xCTr3
 TylbIWpyNysm2wdQ9T0=; b=oYiUD1V6GlvyEZS8nJBSVA/VMyjCGKtpd9Vm+Ryb
 W2vO0k57gLoHYr8U6q4y5oRSEmqyEU8y9+mYYgbby2ov0lgj2XGUobCpgBSrqNt6
 Z7dAkHw5uH5YVIKh2yXcnHvpTilBV5n/b4ot5gjm3il0U6hWwkdREJsHsN9mIsza
 koQ=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-type:date:from:in-reply-to
 :message-id:mime-version:references:subject:to:x-me-proxy
 :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=cMyCQp
 lFlhn2IGFx5d7xCTr3TylbIWpyNysm2wdQ9T0=; b=o7A2Wm26MvIuemA4kE89rF
 q9NaPTaSMB1qa+toR0ldrgVFyiiO9gEdhp7qsCrpvQ+Lb6JeAOKzqBYVwxVfJbC+
 KaTiP564SFElrlA8u4PCZ157cOISj8E84qCt9T+XSGFizFZKCZHieCuAt36kJzh8
 bnJUf7nRN54otSQ+XwTMYYpTQHPLJ41w9AQQGg7gFCQOFN0l1Y7AzSPh6TQfAyiY
 +RG/6IdaG69wkJL/DjAmY65o+NkUmj25K8jPOhM6s2Zi5KUC5cK81OLOgBIFegf5
 GoeQz0d/2/PLpR0274P1FgEse4u6XDiyjuI8RXvKxDW0RHrtq77wrlY6QAX/sNuQ
 ==
X-ME-Sender: <xms:jiR-YO3Yh9ccRl6m5ZXubBFtNHWKx5qOX2wjn2ZSTmrnI_2xrxDiOg>
 <xme:jiR-YPCScaip8tgZJNe4FlhYYp3xkoQGzjaFx6OTfZRhoIE7pX_eDxHjxtMtKne-V
 hBt8iYgRD3tYlSq1A>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrvddthedgfeekucetufdoteggodetrfdotf
 fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
 uceurghilhhouhhtmecufedttdenucenucfjughrpeffhffvuffkfhggtggujgesthdtre
 dttddtvdenucfhrhhomhepnfgvohcuhfgrmhhulhgrrhhiuceolhgvohesfhgrmhhulhgr
 rhhirdhnrghmvgeqnecuggftrfgrthhtvghrnhepvddvudegffefiedttdfhfedvuefhgf
 ekieekgeekveetgefhfeetgfegueduffeinecuffhomhgrihhnpehgnhhurdhorhhgnecu
 kfhppedutddtrdduuddrudeiledruddukeenucevlhhushhtvghrufhiiigvpedtnecurf
 grrhgrmhepmhgrihhlfhhrohhmpehlvghosehfrghmuhhlrghrihdrnhgrmhgv
X-ME-Proxy: <xmx:jiR-YJNxEE_5gShrfGxamLfnMDqjVM-NW0u0FOF3idOsQ7Md_fdFgA>
 <xmx:jiR-YEbIUeYrBNCVWLd0fT7np1myKSKEkhAuYK700tdD70sLBJ3qBA>
 <xmx:jiR-YIuZNsMlPXrRfnvP8u55FCfa1WkAd75ZCnP7nRIDJ34LD6L9Hw>
 <xmx:jyR-YMEZUP5wl1KRvzjtLuuArwEnn6D_xW__F6V228J37C0UCoVUiw>
Received: from localhost (pool-100-11-169-118.phlapa.fios.verizon.net
 [100.11.169.118])
 by mail.messagingengine.com (Postfix) with ESMTPA id A39F21080057;
 Mon, 19 Apr 2021 20:47:10 -0400 (EDT)
Date: Mon, 19 Apr 2021 20:47:08 -0400
From: Leo Famulari <leo@famulari.name>
To: Simon Streit <lists@netpanic.org>
Subject: Re: mount.davfs: program is not setuid root
Message-ID: <YH4kjEP9M1XXWeNy@jasmine.lan>
References: <yguo8eebbkf.fsf@netpanic.org> <YHm8rWGby+qZYn/n@jasmine.lan>
 <ygulf9fl6m9.fsf@netpanic.org> <YHy6VEWA0fCV4Rem@jasmine.lan>
 <ygulf9eow4q.fsf@netpanic.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <ygulf9eow4q.fsf@netpanic.org>
Received-SPF: pass client-ip=64.147.123.19; envelope-from=leo@famulari.name;
 helo=wout3-smtp.messagingengine.com
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: help-guix@gnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: <help-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/help-guix>,
 <mailto:help-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/help-guix>
List-Post: <mailto:help-guix@gnu.org>
List-Help: <mailto:help-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/help-guix>,
 <mailto:help-guix-request@gnu.org?subject=subscribe>
Cc: help-guix@gnu.org
Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org
Sender: "Help-Guix" <help-guix-bounces+larch=yhetil.org@gnu.org>
X-Migadu-Flow: FLOW_IN
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org;
	s=key1; t=1618879652;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:in-reply-to:in-reply-to:
	 references:references:list-id:list-help:list-unsubscribe:
	 list-subscribe:list-post:dkim-signature;
	bh=cMyCQplFlhn2IGFx5d7xCTr3TylbIWpyNysm2wdQ9T0=;
	b=n0bfAS2I9jtTZzhzE4PoNRaOf9WNhwkhxWuCkMJjsf6XxVaUTA82KwAwJRbQCHluSll7KR
	XF73RZUOMmtT/k7dOSZZlDrShAERAFbEJ0QpJzOi65Z0OyukhuN8eA1syAGh0Q2vyEcY1L
	dxbceV2UFLyEtRBoVNWuDkmiDjjDXi7TnT8WrM63DYT4vhHA9cnAmBD6R/LXZOvAu7Cp/P
	c6TMJ45pN33vM4RhGMlslyV/6iPMBgy7+XT7CMSNNYTtZz5AXAPlT6jRPp004hlP57E3ZL
	/kLLanznh8BMFlKP/eXL7hCJLOPg0s/6ooZOjcy7WPU6R4y8NBkY7gOaSBMVNw==
ARC-Seal: i=1; s=key1; d=yhetil.org; t=1618879652; a=rsa-sha256; cv=none;
	b=eXzOnFBq+nZBTALYhRjxuAJpwCKj6etVe7lobx1oQA/q0lGOQm2k4EuTjswcAYESmIQ9vL
	U9AjoUzjGdAzk512B8Euq36VCFZLBI4trrW08moC85+jOv1A9b320AjugBoWA5OGfIDXwn
	cWhp2EbFc5aku9mXhSQHWmHVEbJR8u80NDRQhmRmZDmIwk6PMih89j3nTY4jO1L1GVF6Be
	KNbyYEkXN5HHypcwOC+zOleSyPV9SprwwGWeIedWQpKAW7qhhKvaEBKtcbreh/jJnEUNP3
	bJMwCKlniE/lPG8KI/QjGTp/RaqmH10XWiAg9rnobgE2VvlQ3PP86l40W+A5kQ==
ARC-Authentication-Results: i=1;
	aspmx1.migadu.com;
	dkim=pass header.d=famulari.name header.s=mesmtp header.b=oYiUD1V6;
	dkim=pass header.d=messagingengine.com header.s=fm2 header.b=o7A2Wm26;
	dmarc=none;
	spf=pass (aspmx1.migadu.com: domain of help-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=help-guix-bounces@gnu.org
X-Migadu-Spam-Score: -2.64
Authentication-Results: aspmx1.migadu.com;
	dkim=pass header.d=famulari.name header.s=mesmtp header.b=oYiUD1V6;
	dkim=pass header.d=messagingengine.com header.s=fm2 header.b=o7A2Wm26;
	dmarc=none;
	spf=pass (aspmx1.migadu.com: domain of help-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=help-guix-bounces@gnu.org
X-Migadu-Queue-Id: C613512F1D
X-Spam-Score: -2.64
X-Migadu-Scanner: scn0.migadu.com
X-TUID: /h8SgEGy1FzH

On Mon, Apr 19, 2021 at 10:30:13PM +0200, Simon Streit wrote:
> I just tried again, and called mount as:
> --8<---------------cut here---------------start------------->8---
> /run/setuid-programs/mount -t <URL> ~/test/
> --8<---------------cut here---------------end--------------->8---
> where URL is my remote URL share trying to mount it to local test dir,
> where it fails with:
> --8<---------------cut here---------------start------------->8---
> /run/current-system/profile/sbin/mount.davfs: program is not setuid root
> --8<---------------cut here---------------end--------------->8---

So, '/run/setuid-programs/mount' is somehow resolving to
'/run/current-system/profile/sbin/mount.davfs'?

The executables in /run/setuid-programs are not supposed to be links.

They are created while "activating" Guix System by copying the programs
listed in the (setuid-programs) field of config.scm into
/run/setuid-programs and making these copies setuid.

Documentation on that:
https://guix.gnu.org/manual/devel/en/html_node/Setuid-Programs.html

And the code:
https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/build/activation.scm?h=v1.2.0#n229

Can you do `ls -la /run/setuid-programs`, and share the entire output of
that command?

By the way, regarding the default order of $PATH, here is my path from a
VM image created with the "bare bones" template [0] from the Guix source
code:

------
$ `guix system vm gnu/system/examples/bare-bones.tmpl`
[ ... QEMU launches the VM and I log in ...]
$ echo $PATH
/run/setuid-programs:/home/alice/.config/guix/current/bin:/home/alice/.guix-profile/bin/:/run/current-system/profile/bin:/run/current-system/profile/sbin
------

So, you could consider that the default order on Guix System. Annotated:

1) programs specified setuid by the system administrator
2) your user's `guix pull` profile
3) your user's profile of installed packages
4) programs provided via the (packages) field of config.scm (and maybe
from system services?)
5) same as 4, but programs contained in an 'sbin/' directory

[0] https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/system/examples/bare-bones.tmpl?h=v1.2.0