[Nix-dev] Nix suid problems
Eelco Dolstra
eelco at cs.uu.nl
Tue Nov 9 12:19:00 CET 2004
Hi,
On Tue, 9 Nov 2004 11:10:57 +0100
Armijn Hemel <armijn at uulug.nl> wrote:
> well, not much of a problem, but more of a warning. When running Nix in
> suid mode some things don't work well anymore. Dumping the store is a
> bit tricky with some packages, in my case glibc.
>
> This is needed for building the UML for NixOS. It barfs with:
>
> error: opening file `/nix/store/f447029d6a08995eab1b66f8c781fb2a-glibc-2.3.3/libexec/pt_chown': Permission denied
> error: unexpected end-of-file
>
> this file is readable for the owner only, which in this case is the user
> "nix", because Nix is running suid. Is there a solution planned, or
> should I just either keep changing the store and/or my builder?

Nix should "fix" the permissions of all files after a build, i.e., make
them group/world readable, and remove any setuid bits. It should also
change the timestamp on all files to 0 (00:00 1/1/1970) to remove any
possible indeterminism due to the time of the build.

For now you should just manually change the permissions of pt_chown to
555.

--
Eelco Dolstra | http://www.cs.uu.nl/~eelco
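
The post-build fix-up described in the reply above, sketched as an added example; it is not part of the original message and not Nix's own code. The function names are hypothetical, and dropping write bits (555 for directories and executables, 444 otherwise) is an assumption modelled on the 555 suggested for pt_chown.

```python
import os
import stat
import sys

SPECIAL = stat.S_ISUID | stat.S_ISGID | stat.S_ISVTX

def canonical_mode(mode):
    # Assumption: 555 for directories and owner-executable files (the value
    # suggested for pt_chown), 444 otherwise. Special bits never survive.
    if stat.S_ISDIR(mode) or mode & stat.S_IXUSR:
        return 0o555
    return 0o444

def canonicalise_path(path):
    """Fix one path; return (old_mode, new_mode), or None for a symlink."""
    st = os.lstat(path)
    result = None
    if not stat.S_ISLNK(st.st_mode):
        # os.chmod follows symlinks, so links are skipped; targets inside
        # the tree are fixed when the walk reaches them.
        old, new = stat.S_IMODE(st.st_mode), canonical_mode(st.st_mode)
        os.chmod(path, new)
        result = (old, new)
    # Timestamp 0 = 00:00 1/1/1970, removing build-time indeterminism.
    os.utime(path, (0, 0), follow_symlinks=False)
    return result

def canonicalise_tree(root):
    """Fix a build output; report paths that had special bits or were not world-readable."""
    findings = []

    def visit(path):
        modes = canonicalise_path(path)
        if modes and (modes[0] & SPECIAL or not modes[0] & stat.S_IROTH):
            findings.append((os.path.relpath(path, root), oct(modes[0]), oct(modes[1])))

    visit(root)
    # Top-down walk: each directory is made r-x before os.walk descends into it.
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            visit(os.path.join(dirpath, name))
    return findings

if __name__ == "__main__" and len(sys.argv) == 2:
    for rel, old, new in canonicalise_tree(sys.argv[1]):
        print(rel, old, "->", new)
```

The returned list doubles as an audit trail: any entry whose old mode carried a setuid or setgid bit is a file the builder produced with elevated-privilege semantics.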