guix shell --container --share=/etc overrides shadow files

  • Open
  • quality assurance status badge
One participant
  • Christina O'Donnell
Submitted by
Christina O'Donnell
Christina O'Donnell wrote on 11 Jan 15:10 +0100
(address .
Hi Guix,

Running the below command as root overrides the running system's shadow
(/etc/shadow, /etc/passwd, and /etc/group).

WARNING: Don't run the following outside of a VM!

  guix shell --container --share=/etc

This erases the current user from the passwd database, meaning `su` and
no longer work, and you can't log in.


The context is that I was tracking down a libreoffice bug using guix
time-machine and ran the very clever command trying to get the display

  sudo guix time-machine ... -- environment -C --ad-hoc coreutils sway \
    --preserve='DISPLAY' --preserve='XDG' --share=/etc -- sway

Now of course if you write random commands with sudo, you should expect
to brick
your system from time to time. And setting `--share=/etc` wasn't
smart idea. However, it would have been nice to not have that wipe my
shadow files.

For example, being warned about sharing /etc with a container.

To reproduce, run the Guix command in a basic VM image, connecting to Guix
daemon on the host.[1]

Please let me know if you have any questions!

Kind regards,
 - Christina O'Donnell


[1] See my blog for more details:
Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send an email to

To respond to this issue using the mumi CLI, first switch to it
mumi current 68387
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch