[Nix-dev] sudo and nix-channel (was: Re: NixOS channel)

Kirill Elagin kirelagin at gmail.com
Sun Jun 17 13:46:02 CEST 2012


Ahh... I don't get how this works. According to `man sudoers`, env_reset is
enabled by default, so $HOME should be set to the target user's home (and,
indeed, that happens in my Gentoo box).
On the other hand, the description of the `-H` option in `man sudo` states that “By
default, sudo does not modify HOME (see set_home and always_set_home in
sudoers(5))”, while `man sudoers` says that always_set_home “is off by
default”. Who to trust??

Either the environment should be reset or nix-channel should use $USER
instead of $HOME to find the path to .nix-channels.

--
Кирилл Елагин


2012/6/17 Florian Friesdorf <flo at chaoflow.net>

> On Tue, 15 May 2012 14:11:43 -0400, Eelco Dolstra <eelco.dolstra at logicblox.com> wrote:
> > Hi all,
> >
> > Since a few weeks there is a NixOS channel, which is now the default mechanism
> > for keeping NixOS up to date.  (A channel is a Nix mechanism for distributing a
> > consistent set of Nix expressions and binaries.)  A quick summary on how to use it:
> >
> > $ nix-channel --add http://nixos.org/releases/nixos/channels/nixos-unstable
> > $ nix-channel --update
>
> $ sudo nix-channel --add ...
>
> creates the ~/.nix-channels in the HOME of the user running sudo, not
> /root.
>
> $ sudo nix-channel --update
>
> creates ~/.nix-defexpr/channels in the HOME of the user running sudo,
> not /root.
>
>
> $ sudo -i
> # nix-channel --add ...
> # nix-channel --update
>
> works as expected inside /root.
>
>
> It feels like not many people are using sudo to directly run commands, or to
> rephrase: is anybody except me using sudo without -i?
>
> Do we want to support running commands with sudo and if so, what is the
> expected behaviour?
>
> Use user config but do things as root?
> Use root config and do things as root?
>
> I think the latter, as using user config as root is dangerous and
> especially in case of the channels, feels wrong.
>
> better:
>
> $ nix-channel --add  (adds a channel for the current user)
> $ sudo nix-channel --add (adds a channel for root)
>
>
> regards
> florian
> --
> Florian Friesdorf <flo at chaoflow.net>
>  GPG FPR: 7A13 5EEE 1421 9FC2 108D  BAAF 38F8 99A3 0C45 F083
> Jabber/XMPP: flo at chaoflow.net
> IRC: chaoflow on freenode,ircnet,blafasel,OFTC
>
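The mismatch discussed in this thread (effective uid is root while $HOME still points at the invoking user's directory) can be checked before any per-user file is written. The following is an added example, not code from nix-channel or from either poster; the function name `config_home`, the passwd entries and the directory owners are constructed for illustration.

```python
import os
import pwd
from collections import namedtuple

# Constructed passwd entries and directory owners for the demo (not real data).
Entry = namedtuple("Entry", "pw_name pw_uid pw_dir")
PASSWD = {0: Entry("root", 0, "/root"), 1000: Entry("alice", 1000, "/home/alice")}
OWNERS = {"/root": 0, "/home/alice": 1000, "/srv/rootcfg": 0}


def fake_stat(path):
    """Demo replacement for os.stat that reports the constructed owners."""
    if path not in OWNERS:
        raise FileNotFoundError(path)
    return os.stat_result((0o40700, 0, 0, 1, OWNERS[path], 0, 0, 0, 0, 0))


def config_home(environ, euid, getpwuid=pwd.getpwuid, stat=os.stat):
    """Return (directory, reason) for per-user files such as .nix-channels.

    $HOME is used only if it matches the passwd entry of the effective uid
    or is owned by that uid; otherwise the passwd home directory wins.
    """
    passwd_home = getpwuid(euid).pw_dir
    env_home = environ.get("HOME")
    if not env_home:
        return passwd_home, "HOME unset"
    if os.path.normpath(env_home) == os.path.normpath(passwd_home):
        return passwd_home, "HOME matches passwd entry"
    try:
        owner = stat(env_home).st_uid
    except OSError:
        return passwd_home, "HOME not accessible"
    if owner != euid:
        return passwd_home, "HOME owned by uid %d" % owner
    return env_home, "HOME owned by effective uid"


if __name__ == "__main__":
    cases = [
        ("sudo, HOME kept", {"HOME": "/home/alice"}, 0),
        ("sudo -i / -H", {"HOME": "/root"}, 0),
        ("plain user", {"HOME": "/home/alice"}, 1000),
        ("root, custom HOME", {"HOME": "/srv/rootcfg"}, 0),
    ]
    for label, env, euid in cases:
        print(label, "->", config_home(env, euid, PASSWD.__getitem__, fake_stat))
```

With the default arguments the function consults the real passwd database and file system, so it can be called as `config_home(os.environ, os.geteuid())`.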
