bug#32183: New ‘guix pull’ /root/.config/current/bin/guix: Permission denied

all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed

From: ludo@gnu.org (Ludovic Courtès)
To: Konrad Hinsen <konrad.hinsen@fastmail.net>
Cc: 32183@debbugs.gnu.org
Subject: bug#32183: New ‘guix pull’ /root/.config/current/bin/guix: Permission denied
Date: Tue, 11 Sep 2018 12:12:15 +0200	[thread overview]
Message-ID: <87zhwo9wcg.fsf@gnu.org> (raw)
In-Reply-To: <m1y3c89y3a.fsf@fastmail.net> (Konrad Hinsen's message of "Tue, 11 Sep 2018 11:34:33 +0200")

Hi Konrad,

Konrad Hinsen <konrad.hinsen@fastmail.net> skribis:

>> Specifically, you’d have to run something along these lines as root:
>>
>>   strace -f -p $(pidof guix-daemon) -o log
>>
>> and then, as root or non-root (it doesn’t matter), run, say:
>>
>>   guix build curl -S --no-substitutes
>
> The log file (compressed) is attached.
>
> In doing this I noticed that I have two guix-daemon processes running:
>
> root      1583  0.0  0.0  33156  2412 ?        Ss   08:55   0:00 /root/.config/guix/current/bin/guix-daemon --build-users-group=guixbuild
> root     13003  0.0  0.0  36028  6256 ?        Ss   11:28   0:00 /root/.config/guix/current/bin/guix-daemon 12770
>
> I ran strace on the first one.

Ooh, I see.  The log shows this:

--8<---------------cut here---------------start------------->8---
13795 setgroups(1, [999])               = 0
13795 setgid(999)                       = 0
13795 getgid()                          = 999
13795 getegid()                         = 999
13795 setuid(499)                       = 0
13795 getuid()                          = 499
13795 geteuid()                         = 499

[...]

13795 execve("/gnu/store/sf84mb2y5vcykwq9fv02l2nipp34qng2-guix-daemon-0.15.0-3.3d43017/libexec/guix/download", ["download", "/gnu/store/j3swd19y4wzv6nrr13bv7"..., "/gnu/store/rdlndkf50sn0jq7bqkbhm"...], 0xa26f60 /* 17 vars */) = 0

[...]

13795 execve("/root/.config/guix/current/bin/guix", ["/root/.config/guix/current/bin/g"..., "perform-download", "/gnu/store/j3swd19y4wzv6nrr13bv7"..., "/gnu/store/rdlndkf50sn0jq7bqkbhm"...], 0x6c0530 /* 19 vars */) = -1 EACCES (Permission denied)
13795 stat("/root/.config/guix/current/bin/guix", 0x7fffffffe1d0) = -1 EACCES (Permission denied)
--8<---------------cut here---------------end--------------->8---

The download process is running as a build user, not as root, hence the
permission issue (silly me!).

Now we need to find a way to use ‘guix’ from root’s
~/.config/guix/current.  A solution may be to expose that profile under
/var/guix/profiles.  Needs more thought…

Thanks for helping out!

Ludo’.

next prev parent reply	other threads:[~2018-09-11 10:13 UTC|newest]

Thread overview: 33+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-07-17  8:55 [bug#32183] New ‘guix pull’ /root/.config/current/bin/guix: Permission denied Pjotr Prins
2018-07-17  9:42 ` Pjotr Prins
2018-07-17  9:51   ` Pjotr Prins
2018-07-17 19:15 ` Leo Famulari
2018-07-17 22:28   ` bug#32183: " Ludovic Courtès
2018-07-23 22:28 ` Pjotr Prins
2018-07-26 13:50   ` Ludovic Courtès
2018-09-02 13:55     ` Ludovic Courtès
2018-09-02 14:28       ` Pjotr Prins
2018-09-02 20:04         ` Ludovic Courtès
2018-09-06 21:10           ` Pjotr Prins
2018-09-09  7:20             ` Pjotr Prins
2018-09-09 14:02               ` Pjotr Prins
2018-09-09 14:44             ` Ludovic Courtès
2018-09-11  9:34               ` Konrad Hinsen
2018-09-11 10:12                 ` Ludovic Courtès [this message]
2018-09-11 13:23                   ` Pjotr Prins
2018-09-11 13:58                     ` Pjotr Prins
2018-09-11 14:27                       ` Ludovic Courtès
2018-10-11 16:32                       ` Ludovic Courtès
2018-10-12  6:59                         ` Konrad Hinsen
2018-10-12 12:57                           ` Ludovic Courtès
2018-10-15 11:59                             ` Konrad Hinsen
2018-10-15 19:33                               ` Ludovic Courtès
2018-10-16 10:41                                 ` Konrad Hinsen
2018-10-17  8:44                                   ` Ludovic Courtès
2018-10-17  9:17                                     ` Konrad Hinsen
2018-10-17 23:06                                       ` Ludovic Courtès
2018-11-02 14:38                                       ` swedebugia
2018-11-03 14:13                                         ` Ludovic Courtès
2018-10-14 18:12                         ` Pjotr Prins
2018-09-11 14:26                     ` Ludovic Courtès
2018-09-05 15:27 ` bug#32183: Me too! Konrad Hinsen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87zhwo9wcg.fsf@gnu.org \
    --to=ludo@gnu.org \
    --cc=32183@debbugs.gnu.org \
    --cc=konrad.hinsen@fastmail.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.