From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms9.migadu.com with LMTPS id OIksK3b+R2RR2QAASxT56A (envelope-from ) for ; Tue, 25 Apr 2023 18:23:18 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id WMs0Knb+R2T5HAAAG6o9tA (envelope-from ) for ; Tue, 25 Apr 2023 18:23:18 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 765618C03 for ; Tue, 25 Apr 2023 18:23:18 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1prLRG-0003lA-4x; Tue, 25 Apr 2023 12:22:46 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1prLRA-0003kn-FR for guix-devel@gnu.org; Tue, 25 Apr 2023 12:22:41 -0400 Received: from sail-ipv4.us-core.com ([208.82.101.137]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_CHACHA20_POLY1305:256) (Exim 4.90_1) (envelope-from ) id 1prLR8-0005ge-80 for guix-devel@gnu.org; Tue, 25 Apr 2023 12:22:40 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; s=2017; bh=/lX5NMx5mFrsxMe wlW2ggTHSj3EYBwyA0rbwVHAkJiY=; h=cc:to:subject:date:from:in-reply-to: references; d=lease-up.com; b=K7mYqtGXVcV6JbKG8zE6Cc2va4SQcCvJUwK9izwm cuzwzS/lZ4hGM4XQwCF5X9QN8CuDuwJgViC8Z/WmyJrIkcGVNI638dRQ1TgwrCrlH1duvI 3HMM0vlgWP98VGAl/hStO5Jzz/iOPuKBQYjU/rPJJ2SQaqCe/qTnVITrkyGMk= Received: by sail-ipv4.us-core.com (OpenSMTPD) with ESMTPSA id e35fe36d (TLSv1.3:TLS_CHACHA20_POLY1305_SHA256:256:NO) for ; Tue, 25 Apr 2023 16:22:31 +0000 (UTC) Received: by mail-lf1-f41.google.com with SMTP id 2adb3069b0e04-4edc63c82d1so6143160e87.0 for ; Tue, 25 Apr 2023 09:22:31 -0700 (PDT) X-Gm-Message-State: AAQBX9dCZaWWHszves/1ywdbjorMB0yhnjl06pxgfa57srV+h08ubc/I 6b25wdTesePDH/z7EKMGb9Zsjvruu+wNWi2xhEg= X-Google-Smtp-Source: AKy350YYU5wZgL/J5wSe7+MGFM5dHUjTY8c/moOjKXSowDtVLAAAtAg25/JIi6VhWCBP38I5fv9n0bFuhlnATCinSto= X-Received: by 2002:ac2:4430:0:b0:4ef:eb50:4d3d with SMTP id w16-20020ac24430000000b004efeb504d3dmr2403398lfl.18.1682439749000; Tue, 25 Apr 2023 09:22:29 -0700 (PDT) MIME-Version: 1.0 References: <87354otagp.fsf@jpoiret.xyz> <87wn20rn0s.fsf@jpoiret.xyz> In-Reply-To: <87wn20rn0s.fsf@jpoiret.xyz> Date: Tue, 25 Apr 2023 09:21:52 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: Setuid handling? To: Josselin Poiret Cc: Guix Devel Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass client-ip=208.82.101.137; envelope-from=felix.lechner@lease-up.com; helo=sail-ipv4.us-core.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-to: Felix Lechner From: Felix Lechner via "Development of GNU Guix and the GNU System distribution." Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: guix-devel-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN ARC-Seal: i=1; s=key1; d=yhetil.org; t=1682439798; a=rsa-sha256; cv=none; b=Q6sWhZ9/soXCOdeQHfdQ4YAWU6GXlXS+JEy+l/H16aVrpsU63TNaxJuOoKqlAmWC8St37T mDMc22vcHefYAuWU0pv2AkDqWeASTXxmfX1deZI3oRj36E7kbL1Ky1F0uMBaK6VphUk7IJ CXc7KYqHzCnNonCQ9Ou/XMrcRzljgv88JFvVxi5+Lz7Q7YPKUx+n0Y8uQ9XYn17Te8hITJ crvgPDavaqgAiD45X30tOTGZsJfvYuY/SA+WmChEXrtaQ+EbhRZE6ppF8+0qZ5zjjG+sno BvhmIsyDhaSELjIsuY0jBl0ypIlpiKJIkwVyTR78wcBpt+0Crb2L8mp+0phPyQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=lease-up.com header.s=2017 header.b=K7mYqtGX; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1682439798; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=T/PzpW/NPub9qDmZlGWN/Sl9g6SJgKoB9T3MjSPjcSQ=; b=YVkCnNbUmzqHJeiyp9x6UMggr96p9HUxMwnW4Ocz0eKX8z76dxlEI1HEL6NZioBLKaJEva LOF6xBq5PD+C0LR8JnflJANdI0boAd4j8CV9viU3Dap/gtUeE8UDU6r3He7uC69eXj1Cgy +z9qLBQPYQlI+U/r4nBEe4yAvS1Wzo/+nnSd1MMnjpcuANI15YXAuuw3HzdTRq2I4p+0NV RPXx9hf9imgc6LYLpdbYFdB23Kbf1ospBDZD6iEGxKkIxUQBTn/+CTfdpVIOPJz/0Abgt8 4iyiAJnsjT7f3H9PF5j9q7oaGeojPxgSX+EgNCDEXNeyNCMCpAwaDngPM23GYA== X-Migadu-Spam-Score: -0.91 X-Spam-Score: -0.91 X-Migadu-Queue-Id: 765618C03 X-Migadu-Scanner: scn0.migadu.com Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=lease-up.com header.s=2017 header.b=K7mYqtGX; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-TUID: X3oQsPwG6sVh Hi Josselin, On Tue, Apr 25, 2023 at 8:37=E2=80=AFAM Josselin Poiret w= rote: > > Are you on Guix system? Thanks for asking! I am, and always have been. > /run/setuid-programs/ should be at the top of your PATH. Well, the home profile ends up being first here: $ echo $PATH | tr : '\n' /home/lechner/.guix-home/profile/bin /home/lechner/.guix-home/profile/sbin /home/lechner/.guix-home/profile/bin /home/lechner/.guix-home/profile/sbin /run/setuid-programs /home/lechner/.config/guix/current/bin /home/lechner/.guix-profile/bin /home/lechner/.guix-profile/sbin /run/current-system/profile/bin /run/current-system/profile/sbin /gnu/store/0c1yfbxyv877mlgychfgvmk5ha2jqh52-gzip-1.10/bin /gnu/store/8fpk2cja3f07xls48jfnpgrzrljpqivr-coreutils-8.32/bin > The default /etc/profile should ensure that Mine is shown below. > but if you do anything else with env variables it might get > shadowed. I have buffer-env installed (I'm in EXWM) although I am not sure it makes a difference. I also do not understand where the gzip and coreutils references come from. > I am not too sure of how guix home deals with this, you might > have to dig deeper there. Thanks for that pointer! I'm in Bash, via Eat. [1] Right now I'm not sure where to look, so more references from anybody would be appreciated. Kind regards Felix [1] https://codeberg.org/akib/emacs-eat * * * $ cat /etc/profile # Crucial variables that could be missing in the profiles' 'etc/profile' # because they would require combining both profiles. # FIXME: See . export MANPATH=3D$HOME/.guix-profile/share/man:/run/current-system/profile/= share/man export INFOPATH=3D$HOME/.guix-profile/share/info:/run/current-system/profil= e/share/info export XDG_DATA_DIRS=3D$HOME/.guix-profile/share:/run/current-system/profil= e/share export XDG_CONFIG_DIRS=3D$HOME/.guix-profile/etc/xdg:/run/current-system/pr= ofile/etc/xdg # Make sure libXcursor finds cursors installed into user or system profiles. See export XCURSOR_PATH=3D$HOME/.icons:$HOME/.guix-profile/share/icons:/run/cur= rent-system/profile/share/icons # Ignore the default value of 'PATH'. unset PATH # Load the system profile's settings. GUIX_PROFILE=3D/run/current-system/profile ; \ . /run/current-system/profile/etc/profile # Since 'lshd' does not use pam_env, /etc/environment must be explicitly # loaded when someone logs in via SSH. See . # We need 'PATH' to be defined here, for 'cat' and 'cut'. Do this before # reading the user's 'etc/profile' to allow variables to be overridden. if [ -f /etc/environment -a -n "$SSH_CLIENT" \ -a -z "$LINUX_MODULE_DIRECTORY" ] then . /etc/environment export `cat /etc/environment | cut -d=3D -f1` fi # Arrange so that ~/.config/guix/current comes first. for profile in "$HOME/.guix-profile" "$HOME/.config/guix/current" do if [ -f "$profile/etc/profile" ] then # Load the user profile's settings. GUIX_PROFILE=3D"$profile" ; \ . "$profile/etc/profile" else # At least define this one so that basic things just work # when the user installs their first package. export PATH=3D"$profile/bin:$PATH" fi done # Prepend setuid programs. export PATH=3D/run/setuid-programs:$PATH # Arrange so that ~/.config/guix/current/share/info comes first. export INFOPATH=3D"$HOME/.config/guix/current/share/info:$INFOPATH" # Set the umask, notably for users logging in via 'lsh'. # See . umask 022 # Allow Hunspell-based applications (IceCat, LibreOffice, etc.) to # find dictionaries. export DICPATH=3D"$HOME/.guix-profile/share/hunspell:/run/current-system/pr= ofile/share/hunspell" # Allow GStreamer-based applications to find plugins. export GST_PLUGIN_PATH=3D"$HOME/.guix-profile/lib/gstreamer-1.0" if [ -n "$BASH_VERSION" -a -f /etc/bashrc ] then # Load Bash-specific initialization code. . /etc/bashrc fi