From: rekado <rekado@elephly.net>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: guix-devel@gnu.org
Subject: Re: permission denied: /gnu/store/...guile...
Date: Fri, 22 May 2015 04:06:22 +0800
Message-ID: <14d7811908c.f06290cb71568.256566750208527927@elephly.net>

> Could you post the output of
> “stat /gnu/store/cnqmkmj40jmssnx6fkf9n0n3bqj5x426-guile-2.0.11/bin/guile”?
~~~~~
root@banana ~# stat /gnu/store/cnqmkmj40jmssnx6fkf9n0n3bqj5x426-guile-2.0.11/bin/guile
File: ‘/gnu/store/cnqmkmj40jmssnx6fkf9n0n3bqj5x426-guile-2.0.11/bin/guile’
Size: 10912 Blocks: 24 IO Block: 4096 regular file
Device: 803h/2051d Inode: 15582 Links: 1
Access: (0555/-r-xr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2015-05-21 09:06:47.744008648 +0200
Modify: 1970-01-01 01:00:01.000000000 +0100
Change: 2015-05-17 12:08:22.839537391 +0200
Birth: -
~~~~~
> What do the following return at the Guile REPL:
>
> (getgr 30000)
> (getpw 30001)
>
> ?
~~~~~
root@banana ~# guile
GNU Guile 2.0.11
Copyright (C) 1995-2014 Free Software Foundation, Inc.
Guile comes with ABSOLUTELY NO WARRANTY; for details type `,show w'.
This program is free software, and you are welcome to redistribute it
under certain conditions; type `,show c' for details.
Enter `,help' for help.
scheme@(guile-user)> (getgr 30000)
$1 = #("guixbuild" "x" 30000 ("guixbuilder01" "guixbuilder02" "guixbuilder03" "guixbuilder04" "guixbuilder05" "guixbuilder06" "guixbuilder07" "guixbuilder08" "guixbuilder09" "guixbuilder10"))
scheme@(guile-user)> (getpw 30001)
$2 = #("guixbuilder01" "x" 30001 30000 "Guix Build User 1" "/var/empty" "/gnu/store/6v6wngdavjg0vlkpx8h69pxlzmi8cb8a-shadow-4.1.5.1/sbin/nologin")
scheme@(guile-user)>
~~~~~
> Note that here, since it’s a fixed-output derivation, there’s no chroot,
> unshare, etc., so it’s really just UID 30001 running that file.
> Something equivalent to:
>
> # su guixbuilder01
> $ /gnu/store/cnqmkmj40jmssnx6fkf9n0n3bqj5x426-guile-2.0.11/bin/guile
I cannot switch to user "guixbuilder01" without having to input a password. It appears that "su" is also not working as it should.
>> ~~~~~~~~
>> rekado@banana guix $ sudo ls
>> sudo: unable to stat /etc/sudoers: Permission denied
>> sudo: no valid sudoers sources found, quitting
>> sudo: unable to initialize policy plugin
>
> Same with:
>
> /run/setuid-programs/sudo ls
>
> ?
Yes, exactly the same message.
> Does /run/setuid-programs/sudo have the same inode as
> $(guix build sudo)/bin/sudo?
> stat -c '%i' /run/setuid-programs/sudo \
> $(guix build sudo)/bin/sudo
The inode is the same:
~~~~~
rekado@banana ~ $ stat -c '%i' /run/setuid-programs/sudo $(guix build sudo)/bin/sudo
1461970
1461970
~~~~~
> The only partitions are / and /home, right?
I only manually mounted / (/dev/sda3) and /home (a luks logical volume):
~~~~~
rekado@banana ~ $ mount
none on /proc type proc (rw,relatime)
none on /sys type sysfs (rw,relatime)
/dev/sda3 on / type ext4 (rw,relatime,data=ordered)
none on /dev type devtmpfs (rw,relatime,size=1966132k,nr_inodes=491533,mode=755)
none on /dev/pts type devpts (rw,relatime,gid=996,mode=620,ptmxmode=000)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,relatime,size=1970696k)
/dev/sda3 on /gnu/store type ext4 (rw,relatime,data=ordered)
/dev/mapper/fedora-home on /home type ext4 (rw,relatime,data=ordered)
rekado@banana ~ $
~~~~~
Thank you,
Ricardo
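
An added example, not part of this thread or of Guix: one way to run the check quoted above without `su`, by walking from a base directory down to the file and printing the first component whose mode bits deny search/execute to a given UID/GID. The function names and the optional base argument are hypothetical; UID 30001 and GID 30000 in the usage comment come from the `getpw` output above.

```shell
# Added example. Uses only what GNU `stat -c` reports (mode, owner, group).
# Not modelled: supplementary groups, POSIX ACLs, UID 0's override,
# LSM policy, and mount options such as noexec.

# allows_x PATH UID GID: succeed if the permission class that applies to
# UID/GID on PATH has the x bit (search for directories, execute for files).
allows_x() {
    info=$(stat -c '%a %u %g' -- "$1") || return 2
    mode=${info%% *}; rest=${info#* }
    owner=${rest% *}; group=${rest#* }
    perms=$(( 0$mode & 0777 ))          # drop setuid/setgid/sticky
    # Exactly one class applies: owner, else group, else other.
    if   [ "$2" -eq "$owner" ]; then bits=$(( perms >> 6 ))
    elif [ "$3" -eq "$group" ]; then bits=$(( (perms >> 3) & 7 ))
    else                             bits=$(( perms & 7 ))
    fi
    [ $(( bits & 1 )) -eq 1 ]
}

# first_denied UID GID TARGET [BASE]: print the first component from BASE
# (default /) down to TARGET that denies UID/GID, and return 1. A component
# that cannot be stat'ed is reported the same way. Return 0 if none denies.
first_denied() {
    uid=$1; gid=$2; target=$3; base=${4:-/}
    cur=${base%/}                       # "/" becomes the empty prefix
    rel=${target#"$cur"/}               # components still to walk
    allows_x "${cur:-/}" "$uid" "$gid" || { printf '%s\n' "${cur:-/}"; return 1; }
    old_ifs=$IFS; IFS=/; set -f
    set -- $rel                         # split on "/" only, no globbing
    set +f; IFS=$old_ifs
    for part in "$@"; do
        cur=$cur/$part
        allows_x "$cur" "$uid" "$gid" || { printf '%s\n' "$cur"; return 1; }
    done
    return 0
}

# Usage with the values from this message:
# first_denied 30001 30000 \
#   /gnu/store/cnqmkmj40jmssnx6fkf9n0n3bqj5x426-guile-2.0.11/bin/guile
```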