%default-bash-profile still references /run/setuid-programs

  • Open
  • quality assurance status badge
Details
2 participants
  • Edouard Klein
  • Ludovic Courtès
Owner
unassigned
Submitted by
Edouard Klein
Severity
normal
E
E
Edouard Klein wrote on 2 Nov 20:04 +0100
(name . bug-guix)(address . bug-guix@gnu.org)
87a5ehmowp.fsf@gmail.com
Dear Guix,

/run/setuid-programs was replaced by /run/privileged some time ago.

Some of the users on the-dam.org don't have the new location in their
PATH. I've tracked it down to %default-bash-profile still referencing
the old location (in /gnu/system/shadow.scm):

# Prepend setuid programs.
export PATH=/run/setuid-programs:$PATH

This file ends up in /etc/skel, and from there is copied on the user's
HOME when the user is created.

I've grep /run/setuid-programs in the source and found that it is still
hardcoded in a few places.

Two questions:
If I submitted a patch series addressing these issues, would somebody
review it and apply it within a few weeks ?

And the more interesting one:
How do I correct the issue for my existing users, given that even if I
correct the code and reconfigure, the .bash_profile file in their HOME
is gonna stay the same ?
Maybe I should force everybody to use guix home ?

Cheers,

Edouard.
L
L
Ludovic Courtès wrote on 20 Nov 22:54 +0100
(name . Edouard Klein)(address . edouardklein@gmail.com)
87serlvae7.fsf@gnu.org
Hi Edouard,

(Cc: Tobias, who authors the privileged program mechanism.)

Edouard Klein <edouardklein@gmail.com> skribis:

Toggle quote (17 lines)
> Some of the users on the-dam.org don't have the new location in their
> PATH. I've tracked it down to %default-bash-profile still referencing
> the old location (in /gnu/system/shadow.scm):
>
> # Prepend setuid programs.
> export PATH=/run/setuid-programs:$PATH
>
> This file ends up in /etc/skel, and from there is copied on the user's
> HOME when the user is created.
>
> I've grep /run/setuid-programs in the source and found that it is still
> hardcoded in a few places.
>
> Two questions:
> If I submitted a patch series addressing these issues, would somebody
> review it and apply it within a few weeks ?

As you know there cannot be guarantees on the timeliness of volunteer
response, but surely this would be pretty high priority (and easy) to
review/apply.

Toggle quote (6 lines)
> And the more interesting one:
> How do I correct the issue for my existing users, given that even if I
> correct the code and reconfigure, the .bash_profile file in their HOME
> is gonna stay the same ?
> Maybe I should force everybody to use guix home ?

Maybe ‘.bash_profile’ should never have contained that line in the first
place.

But anyway, you could either run ‘sed’ on all the ‘.bash_profile’ files
of users (not great), or let them know, or just let go since AFAIK it
doesn’t hurt to have /run/setuid-programs in $PATH.

Thoughts?

Ludo’.
?
Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send an email to 74179@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 74179
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch