Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nix-channel doesn't work as expected with sudo #1548

Open
LnL7 opened this issue Sep 1, 2017 · 16 comments
Open

nix-channel doesn't work as expected with sudo #1548

LnL7 opened this issue Sep 1, 2017 · 16 comments
Assignees
@vcunat
Labels
cli The old and/or new command line interface macos Nix on macOS, aka OS X, aka darwin

Comments

@LnL7
Copy link
Member

LnL7 commented Sep 1, 2017

On macOS it seems like nix-channel doesn't behave correctly when just using sudo.
I'm not sure if this also happens on other platforms, but it works fine on nixos.

$ sudo nix-channel --list
$ sudo -i nix-channel --list
nixpkgs http://nixos.org/channels/nixpkgs-unstable

and even more confusing

$ sudo nix-channel --add http://nixos.org/channels/foo
$ sudo nix-channel --update
unpacking channels...
created 3 symlinks in user environment
$ sudo nix-channel --list
foo http://nixos.org/channels/foo
$ sudo -i nix-channel --list
nixpkgs http://nixos.org/channels/nixpkgs-unstable

$ ls -l ~/.nix-defexpr
lrwxr-xr-x   1 root  staff   44 Sep  1 21:41 channels -> /nix/var/nix/profiles/per-user/root/channels
lrwxr-xr-x   1 root  staff   44 Jul 23 12:26 channels_root -> /nix/var/nix/profiles/per-user/root/channels
$ ls /nix/var/nix/profiles/per-user/root/channels
binary-caches manifest.nix  nixpkgs
$ ls /nix/var/nix/profiles/per-user/lnl/channels
manifest.nix
@copumpkin
Copy link
Member

cc @grahamc given that this changed with the multi-user setup

@domenkozar
Copy link
Member

domenkozar commented Sep 2, 2017
edited
Loading

cc @jmitchell

@grahamc
Copy link
Member

grahamc commented Sep 2, 2017

Doing some debugging, so far things are looking okay here:

nixos$ nix-channel --add https://nixos.org/channels/nixos-17.03 fizzbuzz
nixos$ nix-channel --update
downloading Nix expressions from ‘https://d3g5gsiof5omrk.cloudfront.net/nixos/17.03/nixos-17.03.1775.56da88a298/nixexprs.tar.xz’...
downloading ‘https://d3g5gsiof5omrk.cloudfront.net/nixos/17.03/nixos-17.03.1775.56da88a298/nixexprs.tar.xz’... [6975/9252 KiB, 6959.8 KiB/s]
unpacking channels...
nixos$ ls /nix/var/nix/profiles/per-user/grahamc/channels/           
binary-caches  fizzbuzz  manifest.nix



macos$ nix-channel --add https://nixos.org/channels/nixos-17.03 fizzbuzz
macos$ nix-channel --update
downloading Nix expressions from ‘https://d3g5gsiof5omrk.cloudfront.net/nixos/17.03/nixos-17.03.1775.56da88a298/nixexprs.tar.xz’...
downloading ‘https://d3g5gsiof5omrk.cloudfront.net/nixos/17.03/nixos-17.03.1775.56da88a298/nixexprs.tar.xz’... [7295/9252 KiB, 7277.6 KiB/s]
unpacking channels...
macos$ ls /nix/var/nix/profiles/per-user/graham/channels/
binary-caches	fizzbuzz	manifest.nix

I wonder if sudo nix-channel --add http://nixos.org/channels/foo (ie: without the second arg) is causing problems there.

I definitely have the problem:

nixos$ nix-channel --list                                 
fizzbuzz https://nixos.org/channels/nixos-17.03
nixos$ sudo nix-channel --list
nixos https://nixos.org/channels/nixos-17.03
nixos$ sudo -i nix-channel --list
nixos https://nixos.org/channels/nixos-17.03



macos$ nix-channel --list
fizzbuzz https://nixos.org/channels/nixos-17.03
macos$ sudo nix-channel --list
fizzbuzz https://nixos.org/channels/nixos-17.03
macos$ sudo -i nix-channel --list
nixpkgs https://nixos.org/channels/nixpkgs-unstable

@grahamc
Copy link
Member

grahamc commented Sep 4, 2017
edited
Loading

More info:

nixos$ sudo env | grep HOME=               
HOME=/root

plus

macos$ sudo env | grep HOME=
HOME=/Users/graham

plus

https://github.com/NixOS/nix/blob/1.11-maintenance/scripts/nix-channel.in#L25-L26

= nix-channel is looking at user's channels w/ sudo on macos, and root's channels w/ sudo on nixos.

This is because of this macOS default:

macos$ sudo cat /etc/sudoers | grep -i home
Defaults    env_keep += "HOME MAIL"

@nixy
Copy link

nixy commented Sep 20, 2017

So where go from here?

It seems like a workaround would be to just edit the sudoers file when a multiuser installation is done. I'm not sure this would be a good idea though since this change has deeper implications than most of the other changes the multiuser install seems to make.

Would modifying the way Nix gets the home directory be better?

I'm interested in seeing this fixed. While this is a minor irritation it poses a pretty big barrier for people trying to use Nix on MacOS who are just starting out.

@edolstra
Copy link
Member

Maybe something like: if HOME is set and exists but is owned by a different uid than the current user, then ignore it and use getpwuid instead.

@LnL7
Copy link
Member Author

LnL7 commented Sep 20, 2017

I would prefer not to depend on getpwuid but changing sudoers sounds like a terrible idea so it's probably the best solution.

@eqyiel eqyiel mentioned this issue Oct 5, 2017
Open
@lingnand
Copy link

I removed HOME from my sudoer file as a workaround. Took me quite a bit of time hunting around as to why nix-channel --list shows nothing. At the very least with a fresh install on macos some warning would be useful to illustrate how to properly access the current nixos status given the multi user setup. Basically the confusion for me (as someone who just installed nix):

  1. macos installer defaulted to multi user, whereas the quick start guide is geared towards single user (and there is no documentation illustrating why multi user is chosen as default or how is it better; there isn't even an obvious option to use single user during the setup)
  2. inability to quickly see what the nix is actually using because of this bug

@fghibellini
Copy link

Related: https://stackoverflow.com/questions/47857211/what-nix-channel-is-subscribed-to-by-default/48128659

@shlevy shlevy added the backlog label Apr 1, 2018
@jcrben jcrben mentioned this issue Jul 23, 2018
Open
@blast-hardcheese
Copy link

I discovered this as well:

blast$ nix-channel --list
blast$ sudo nix-channel --list
Password:

though sudo has a -H flag that properly sets the HOME envvar, intended for this purpose:

blast$ sudo -H nix-channel --list
nixpkgs https://nixos.org/channels/nixpkgs-unstable
blast$ sudo -H nix-channel --update
unpacking channels...
created 2 symlinks in user environment

this was definitely confusing initially, as it seemed as though I could install packages without being subscribed to any channels at all.

@domenkozar domenkozar mentioned this issue Oct 21, 2020
Open
@stale
Copy link

stale bot commented Feb 15, 2021

I marked this as stale due to inactivity. → More info

@stale stale bot added the stale label Feb 15, 2021
@blast-hardcheese
Copy link

well, until the questions around whether nix-channels should be removed/repurposed are resolved, I think this should probably not be closed because of "stale"

@stale stale bot removed the stale label Feb 18, 2021
@stale
Copy link

stale bot commented Aug 18, 2021

I marked this as stale due to inactivity. → More info

@stale stale bot added the stale label Aug 18, 2021
@ghost
Copy link

ghost commented Oct 20, 2021
edited by ghost
Loading

Not stale.

Also occurs on NixOS with sudo -E (obviously).

@stale stale bot removed the stale label Oct 20, 2021
@stale
Copy link

stale bot commented Apr 18, 2022

I marked this as stale due to inactivity. → More info

@stale stale bot added the stale label Apr 18, 2022
mkenigs added a commit to mkenigs/nix that referenced this issue Jun 6, 2022
@mkenigs
Don't read HOME from environment
139bc67 
On darwin, sudo does not clear HOME, so HOME will still be set to a users home directory rather than root's.

util::getHome reads that value of HOME and is used in a number of different places, which causes unexpected behavior in quite a few ways

See NixOS#1548 for some issues with nix-channel

nix profile will symlink ~/.nix-profile to the default system profile

nix will create ~/.cache owned by root:
$ rm -r ~/.cache
$ sudo nix --extra-experimental-features "nix-command flakes" run nixpkgs#hello
Hello, world!
$ ls -ld ~/.cache
drwxr-xr-x 3 root staff 96 Jun  6 17:14 /Users/matthew/.cache

I'm guessing similar problems occur elsewhere getHome is used
mkenigs added a commit to mkenigs/nix that referenced this issue Jun 6, 2022
@mkenigs
Don't read HOME from environment
9c3ccb5 
On darwin, sudo does not clear HOME, so HOME will still be set to a
user's home directory rather than root's.

util::getHome reads that value of HOME and is used in a number of
different places, which causes unexpected behavior in quite a few ways

See NixOS#1548 for some issues with
nix-channel

nix profile will symlink ~/.nix-profile to the default system profile

nix will create ~/.cache owned by root:
$ rm -r ~/.cache
$ sudo nix --extra-experimental-features "nix-command flakes" run nixpkgs#hello
Hello, world!
$ ls -ld ~/.cache
drwxr-xr-x 3 root staff 96 Jun  6 17:14 /Users/matthew/.cache

I'm guessing similar problems occur elsewhere getHome is used
@mkenigs mkenigs mentioned this issue Jun 6, 2022
Closed
@virusdave
Copy link
Contributor

This issue can be closed. I recently added a PR (since landed) which fixes this on macos.

@fricklerhandwerk fricklerhandwerk added macos Nix on macOS, aka OS X, aka darwin cli The old and/or new command line interface labels Sep 13, 2022
@stale stale bot removed stale labels Sep 13, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vcunat vcunat

Labels
cli The old and/or new command line interface macos Nix on macOS, aka OS X, aka darwin
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests