guix-devel

Re: permission denied: /gnu/store/...guile...


From: rekado
Subject: Re: permission denied: /gnu/store/...guile...
Date: Fri, 22 May 2015 04:06:22 +0800
User-agent: Zoho Mail

> Could you post the output of
> “stat /gnu/store/cnqmkmj40jmssnx6fkf9n0n3bqj5x426-guile-2.0.11/bin/guile”?

~~~~~
address@hidden ~# stat /gnu/store/cnqmkmj40jmssnx6fkf9n0n3bqj5x426-guile-2.0.11/bin/guile
  File: ‘/gnu/store/cnqmkmj40jmssnx6fkf9n0n3bqj5x426-guile-2.0.11/bin/guile’
  Size: 10912           Blocks: 24         IO Block: 4096   regular file
Device: 803h/2051d      Inode: 15582       Links: 1
Access: (0555/-r-xr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2015-05-21 09:06:47.744008648 +0200
Modify: 1970-01-01 01:00:01.000000000 +0100
Change: 2015-05-17 12:08:22.839537391 +0200
 Birth: -
~~~~~

> What do the following return at the Guile REPL:
>
> (getgr 30000)
> (getpw 30001)
>
> ?

~~~~~
address@hidden ~# guile
GNU Guile 2.0.11
Copyright (C) 1995-2014 Free Software Foundation, Inc.

Guile comes with ABSOLUTELY NO WARRANTY; for details type `,show w'.
This program is free software, and you are welcome to redistribute it
under certain conditions; type `,show c' for details.

Enter `,help' for help.
scheme@(guile-user)> (getgr 30000)
$1 = #("guixbuild" "x" 30000 ("guixbuilder01" "guixbuilder02" "guixbuilder03" "guixbuilder04" "guixbuilder05" "guixbuilder06" "guixbuilder07" "guixbuilder08" "guixbuilder09" "guixbuilder10"))
scheme@(guile-user)> (getpw 30001)
$2 = #("guixbuilder01" "x" 30001 30000 "Guix Build User  1" "/var/empty" "/gnu/store/6v6wngdavjg0vlkpx8h69pxlzmi8cb8a-shadow-4.1.5.1/sbin/nologin")
scheme@(guile-user)> 
~~~~~

> Note that here, since it’s a fixed-output derivation, there’s no chroot,
> unshare, etc., so it’s really just UID 30001 running that file.
> Something equivalent to:
>
> # su guixbuilder01
> $ /gnu/store/cnqmkmj40jmssnx6fkf9n0n3bqj5x426-guile-2.0.11/bin/guile

I cannot switch to user "guixbuilder01" without having to input a password.  It 
appears that "su" is also not working as it should.

>> ~~~~~~~~
>> address@hidden guix $ sudo ls
>> sudo: unable to stat /etc/sudoers: Permission denied
>> sudo: no valid sudoers sources found, quitting
>> sudo: unable to initialize policy plugin
>
> Same with:
>
> /run/setuid-programs/sudo ls
>
> ?

Yes, exactly the same message.

> Does /run/setuid-programs/sudo have the same inode as
> $(guix build sudo)/bin/sudo?

> stat -c '%i' /run/setuid-programs/sudo \
> $(guix build sudo)/bin/sudo

The inode is the same:

~~~~~
address@hidden ~ $ stat -c '%i' /run/setuid-programs/sudo $(guix build sudo)/bin/sudo
1461970
1461970
~~~~~

> The only partitions are / and /home, right?

I only manually mounted / (/dev/sda3) and /home (a luks logical volume):

~~~~~
address@hidden ~ $ mount
none on /proc type proc (rw,relatime)
none on /sys type sysfs (rw,relatime)
/dev/sda3 on / type ext4 (rw,relatime,data=ordered)
none on /dev type devtmpfs (rw,relatime,size=1966132k,nr_inodes=491533,mode=755)
none on /dev/pts type devpts (rw,relatime,gid=996,mode=620,ptmxmode=000)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,relatime,size=1970696k)
/dev/sda3 on /gnu/store type ext4 (rw,relatime,data=ordered)
/dev/mapper/fedora-home on /home type ext4 (rw,relatime,data=ordered)
address@hidden ~ $ 
~~~~~

Thank you,
Ricardo
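
The stat output in this message covers only the final file; a process running as UID 30001 also needs search (x) permission on every directory leading to it. The following is an added example, not part of the original message or of Guix: it walks an absolute path and reports the first component whose mode bits deny execute/search to a given UID/GID. `x_allowed` and `first_block` are hypothetical helper names, and GNU coreutils `stat` is assumed.

```shell
#!/bin/sh
# Added example: mode-bit check only. Not modelled: root (UID 0) overrides,
# ACLs, supplementary groups, noexec mounts, parents of symlink targets.
# Assumes GNU coreutils stat (for -c), as used elsewhere in this message.
# Usage (path taken from this message):
#   first_block 30001 30000 /gnu/store/cnqmkmj40jmssnx6fkf9n0n3bqj5x426-guile-2.0.11/bin/guile

# x_allowed UID GID PATH: succeed if the execute/search bit that applies to
# UID/GID is set on PATH. Return 2 if PATH cannot be examined.
x_allowed() (
    uid=$1 gid=$2
    set -- $(stat -L -c '%a %u %g' -- "$3" 2>/dev/null)
    [ $# -eq 3 ] || return 2
    mode=$1 owner=$2 group=$3
    # The kernel picks exactly one class: owner, else group, else other.
    if   [ "$uid" -eq "$owner" ]; then bits=6
    elif [ "$gid" -eq "$group" ]; then bits=3
    else bits=0
    fi
    # stat prints the mode in octal; the leading 0 makes the shell read it so.
    [ $(( (0$mode >> $bits) & 1 )) -eq 1 ]
)

# first_block UID GID ABSOLUTE_PATH: print the first component that UID/GID
# cannot search (directory) or execute (final file) and return 1.
# Print nothing and return 0 if every component allows it.
first_block() (
    uid=$1 gid=$2 target=$3 cur=
    x_allowed "$uid" "$gid" / || { echo /; return 1; }
    set -f; IFS=/          # split on "/" without glob expansion
    set -- $target
    unset IFS              # back to default splitting for x_allowed
    for part in "$@"; do
        [ -n "$part" ] || continue
        cur="$cur/$part"
        x_allowed "$uid" "$gid" "$cur" || { echo "$cur"; return 1; }
    done
    return 0
)
```

A component that `stat` cannot examine at all is reported the same way as one that denies access.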



