Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add --set-home to sudo invocation #902

Closed
wants to merge 1 commit into from
Closed

Add --set-home to sudo invocation #902

wants to merge 1 commit into from

Conversation

mkenigs
Copy link
Contributor

@mkenigs mkenigs commented Mar 27, 2024
edited
Loading

It is assumed that dirs::home_dir() refers to root's home directory.
This is used, for example, to setup a root profile with nix-env in
SetupDefaultProfile.

dirs::home_dir() is derived from $HOME, but on macOS, by default
sudo does not set $HOME to root's home unless
--set-home is passed.

> sudo bash -c 'echo $HOME'
/Users/matthew
> sudo --set-home bash -c 'echo $HOME'
/var/root

Pass --set-home to the sudo invocation so that $HOME is always
set, regardless of the system's security policy.

@mkenigs
Add --set-home to sudo invocation
02481b7 
It is assumed that `dirs::home_dir()` refers to root's home directory.
This is used, for example, to setup a root profile with nix-env in
`SetupDefaultProfile`.

`dirs::home_dir()` is derived from `$HOME`, but on macOS, by default
`sudo` does not set `$HOME` to root's home unless
`--set-home` is passed.

```
> sudo bash -c 'echo $HOME'
/Users/matthew
> sudo --set-home bash -c 'echo $HOME'
/var/root
```

Pass `--set-home` to the `sudo` invocation so that `$HOME` is always
set, regardless of the system's security policy.
@cole-h
Copy link
Member

cole-h commented Apr 5, 2024

Diff LGTM, just tested and seems to behave fine!

However, I am curious: what's the benefit of doing this? When will having the wrong HOME cause issues? As far as I can tell, the upstream Nix installer also doesn't use --set-home.

@mkenigs
Copy link
Contributor Author

mkenigs commented Apr 5, 2024
edited
Loading

The issue is that the nix profile will be set up for the current user rather than root.

Upstream explicitly sets HOME="$ROOT_HOME" where ROOT_HOME is set to ~root https://github.com/NixOS/nix/blob/74130fd1f12f7f0e941c5e352fe19811583fe6e3/scripts/install-multi-user.sh#L850

And here there's HOME set to dirs::home_dir()

nix-installer/src/action/base/setup_default_profile.rs

Line 182 in 5ecf3c4

dirs::home_dir()

I'm not quite sure what ~root does, maybe check in /etc/passwd? I guess that would be another approach.

@cole-h
Copy link
Member

cole-h commented Apr 5, 2024

Gotcha, I missed that -- OK, that makes sense. Thanks, added to the batch in #922.

@mkenigs
Copy link
Contributor Author

mkenigs commented Apr 5, 2024

Thanks!

@cole-h cole-h mentioned this pull request Apr 5, 2024
Merged
6 tasks
@cole-h cole-h closed this in #922 Apr 5, 2024
@cole-h cole-h added this to the 0.18.0 milestone Apr 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cole-h cole-h cole-h approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.18.0
Development

Successfully merging this pull request may close these issues.
2 participants
@mkenigs @cole-h