Atemu
June 4, 2024, 1:10pm
The only attainable “proper” way out I can think of is to use polkit to elevate privileges. The new systemd 256 actually has a tool precisely for that purpose which you might want to check out or build yourself atop systemd-run.
opened 06:29AM - 24 Sep 19 UTC
0.kind: bug
**Describe the bug**
Running `sudo` inside the environment of `buildFHSUserenv.… env` does not work.
**To Reproduce**
Steps to reproduce the behavior:
1. Create `shell.nix` with
```
{ pkgs ? import <nixpkgs> {} }:
(pkgs.buildFHSUserEnv {
  name = "sudo-env";
  targetPkgs = pkgs: with pkgs; [ sudo ];
  runScript = "bash";
}).env
```
2. Run `nix-shell`
3. Run `sudo whoami`
**Expected behavior**
`sudo whoami` should print `root`
**Actual behaviour**
```
$ sudo whoami
sudo: /nix/store/v6l2sacryfr88yqq0pq7sia8wfgm9q31-wrapper.c:203: main: Assertion `!(st.st_mode & S_ISUID) || (st.st_uid == geteuid())' failed.
Aborted
```
**Additional context**
I think this is caused by the owner of `sudo` being `nobody:nogroup`:
```
# Inside FHS env
$ ls -l /run/wrappers/bin/sudo
-r-s--x--x 1 nobody nogroup 17704 Sep 22 13:08 /run/wrappers/bin/sudo
# Outside FHS env
$ ls -l /run/wrappers/bin/sudo
-r-s--x--x 1 root root 17704 Sep 22 15:08 /run/wrappers/bin/sudo
```
**Metadata**
- system: `"x86_64-linux"`
- host os: `Linux 5.3.0, NixOS, 20.03pre193781.d484f2b7fc0 (Markhor)`
- multi-user?: `yes`
- sandbox: `no`
- version: `nix-env (Nix) 2.3`
- nixpkgs: `/nix/store/2p5njn4s0i93s9i8pwg276ibb15ynpyn-foo`
which is this unstable channel `nixos-20.03pre193781.d484f2b7fc0`
Maintainer information:
```yaml
# a list of nixpkgs attributes affected by the problem
attribute: buildFHSUserEnv
```
cc @abbradar
1 Like