Re: Setuid handling?

[Felix Lechner]

Hi Josselin,

On Tue, Apr 25, 2023 at 8:37 AM Josselin Poiret <dev@jpoiret.xyz> wrote:
>
> Are you on Guix system?

Thanks for asking! I am, and always have been.

>  /run/setuid-programs/ should be at the top of your PATH.

Well, the home profile ends up being first here:

$ echo $PATH | tr : '\n'
/home/lechner/.guix-home/profile/bin
/home/lechner/.guix-home/profile/sbin
/home/lechner/.guix-home/profile/bin
/home/lechner/.guix-home/profile/sbin
/run/setuid-programs
/home/lechner/.config/guix/current/bin
/home/lechner/.guix-profile/bin
/home/lechner/.guix-profile/sbin
/run/current-system/profile/bin
/run/current-system/profile/sbin
/gnu/store/0c1yfbxyv877mlgychfgvmk5ha2jqh52-gzip-1.10/bin
/gnu/store/8fpk2cja3f07xls48jfnpgrzrljpqivr-coreutils-8.32/bin

> The default /etc/profile should ensure that

Mine is shown below.

> but if you do anything else with env variables it might get
> shadowed.

I have buffer-env installed (I'm in EXWM) although I am not sure it
makes a difference. I also do not understand where the gzip and
coreutils references come from.

> I am not too sure of how guix home deals with this, you might
> have to dig deeper there.

Thanks for that pointer! I'm in Bash, via Eat. [1] Right now I'm not
sure where to look, so more references from anybody would be
appreciated.

Kind regards
Felix

[1] https://codeberg.org/akib/emacs-eat

* * *

$ cat /etc/profile
# Crucial variables that could be missing in the profiles' 'etc/profile'
# because they would require combining both profiles.
# FIXME: See <http://bugs.gnu.org/20255>.
export 
MANPATH=$HOME/.guix-profile/share/man:/run/current-system/profile/share/man
export 
INFOPATH=$HOME/.guix-profile/share/info:/run/current-system/profile/share/info
export XDG_DATA_DIRS=$HOME/.guix-profile/share:/run/current-system/profile/share
export 
XDG_CONFIG_DIRS=$HOME/.guix-profile/etc/xdg:/run/current-system/profile/etc/xdg

# Make sure libXcursor finds cursors installed into user or system
profiles.  See <http://bugs.gnu.org/24445>
export 
XCURSOR_PATH=$HOME/.icons:$HOME/.guix-profile/share/icons:/run/current-system/profile/share/icons

# Ignore the default value of 'PATH'.
unset PATH

# Load the system profile's settings.
GUIX_PROFILE=/run/current-system/profile ; \
. /run/current-system/profile/etc/profile

# Since 'lshd' does not use pam_env, /etc/environment must be explicitly
# loaded when someone logs in via SSH.  See <http://bugs.gnu.org/22175>.
# We need 'PATH' to be defined here, for 'cat' and 'cut'.  Do this before
# reading the user's 'etc/profile' to allow variables to be overridden.
if [ -f /etc/environment -a -n "$SSH_CLIENT" \
     -a -z "$LINUX_MODULE_DIRECTORY" ]
then
  . /etc/environment
  export `cat /etc/environment | cut -d= -f1`
fi

# Arrange so that ~/.config/guix/current comes first.
for profile in "$HOME/.guix-profile" "$HOME/.config/guix/current"
do
  if [ -f "$profile/etc/profile" ]
  then
    # Load the user profile's settings.
    GUIX_PROFILE="$profile" ; \
    . "$profile/etc/profile"
  else
    # At least define this one so that basic things just work
    # when the user installs their first package.
    export PATH="$profile/bin:$PATH"
  fi
done

# Prepend setuid programs.
export PATH=/run/setuid-programs:$PATH

# Arrange so that ~/.config/guix/current/share/info comes first.
export INFOPATH="$HOME/.config/guix/current/share/info:$INFOPATH"

# Set the umask, notably for users logging in via 'lsh'.
# See <http://bugs.gnu.org/22650>.
umask 022

# Allow Hunspell-based applications (IceCat, LibreOffice, etc.) to
# find dictionaries.
export 
DICPATH="$HOME/.guix-profile/share/hunspell:/run/current-system/profile/share/hunspell"

# Allow GStreamer-based applications to find plugins.
export GST_PLUGIN_PATH="$HOME/.guix-profile/lib/gstreamer-1.0"

if [ -n "$BASH_VERSION" -a -f /etc/bashrc ]
then
  # Load Bash-specific initialization code.
  . /etc/bashrc
fi