Can't upgrade multiuser Nix installation

blitz · July 31, 2020, 12:34pm

I’m trying to upgrade Nix in a multi-user installation on Fedora. My problem boils down to:

% nix upgrade-nix         
[0.0 MiB DL]
replacing old 'nix-2.3.4'
installing 'nix-2.3.7'
error: opening lock file '/nix/var/nix/profiles/default.lock': Permission denied
error: program '/nix/store/8928ygfyf9iassfrnj76v55s6zid58ja-nix-2.3.4/bin/nix-env' failed with exit code 1

# Mmh. Apparently, I need more permissions:
% sudo $(which nix) upgrade-nix
error: couldn't figure out how Nix is installed, so I can't upgrade it

Is this a bug or am I holding it wrong?

raboof · July 31, 2020, 2:54pm

I’m not familiar with the way nix does locking, but it is possible that this file is created with the permissions set so that even root cannot delete it. This would be a safety feature rather than a security feature: root can change the permissions to allow himself to delete the file if he really wants to, this just makes it a little harder so you think twice before doing it .

Can you ls -alFh /nix/var/nix/profiles/default.lock?

casept · August 1, 2020, 10:50am

Also, can you try it in a proper root shell (as in one spawned with sudo su or similar)? sudo does not set env vars like $HOME by default, so that might be the problem.

blitz · August 3, 2020, 7:39am

Running the upgrade in sudo -i to get a real login shell did work. Many thanks! @casept

$ sudo -i
% nix upgrade-nix
[0.0 MiB DL]
replacing old 'nix-2.3.4'
installing 'nix-2.3.7'
upgrade to version 2.3.7 done