"sudo: /run/current-system/sw/bin/sudo must be owned by uid 0 and have the setuid bit set" and "cannot chdir(/var/cron), bailing out. /var/cron: Permission denied"

I am using NixOS unstable. I tried to remove surplus entries in $PATH (I am using fish) by adding the following to config.fish:

set -U fish_user_paths
fish_add_path /run/current-system/sw/bin
fish_add_path ~/.nix-profile/bin
fish_add_path /etc/profiles/per-user/sperber/bin
fish_add_path /nix/var/nix/profiles/default/bin

This removed the surplus paths and all paths that I require showed up when entering echo $PATH. However, it somehow screwed up sudo. It showed the following error:

sudo: /run/current-system/sw/bin/sudo must be owned by uid 0 and have the setuid bit set

Entering crontab -e yields

cannot chdir(/var/cron), bailing out. 
/var/cron: Permission denied

Commenting out the added entries in config.fish didn’t solve the problem, so I reinstalled NixOS. However, upon reapplying my configuration.nix with nixos-rebuild switch I have the same errors again. I did nothing other than reapply my configuration.nix and set the /home directory to its original partition with all my files and .config etc.

So it seems that my changes to config.fish introduced this error and it persists even after removing the added entries.

Checking the owner of sudo: /run/current-system/sw/bin/sudo yields

lrwxrwxrwx  root sudo -> /nix/store/jijfndjmj25xnaaap4c785qq53silj84-sudo-1.9.11p3/bin/sudo

So apparently sudo is still owned by root and something else must be happening. I guess the culprit is fish but I don’t understand it.

This is my config.fish:

if status is-interactive
    set -g fish_key_bindings fish_vi_key_bindings
    bind -M insert -m default jh repaint-mode
    bind -M insert \cc kill-whole-line repaint
    bind -M insert \cd forward-char

    set -gx EDITOR "emacsclient -nw"
    #set -gx VISUAL "emacsclient -c -a ''"

    set -g fish_greeting
    set -x MANPAGER "sh -c 'col -bx | bat -l man -p'"


#     set -U fish_user_paths
#     fish_add_path /run/current-system/sw/bin
#     fish_add_path ~/.nix-profile/bin
#     fish_add_path /etc/profiles/per-user/sperber/bin
#     fish_add_path /nix/var/nix/profiles/default/bin

    fish_add_path ~/Dokumente/Install/Linux/Skripte
    ### Added for Emacs
#     fish_add_path ~/.npm-global
    fish_add_path ~/.npm-global/bin
    fish_add_path ~/.config/composer/vendor/bin
    fish_add_path ~/.emacs.d/bin
    fish_add_path /run/current-system/sw/share/hunspell

end

zoxide init fish | source
navi widget fish | source

How can I solve the problem and what is the reason for it?

All setuid and setgid executables need to be configured with wrappers due to how the nix store works; these wrappers are enabled through the module system. You’ve clearly added sudo to your environment.systemPackages, and for whatever reason that is now selected over the wrapper in /run/wrappers/bin when you execute sudo in your shell.

The fix here is to not add sudo (or any other setuid application) to your systemPackages and use the module instead.

Edit: just saw your edit, you probably want to enable programs.fish, your base PATH should look something like: /run/wrappers/bin /home/r/.nix-profile/bin /etc/profiles/per-user/r/bin /nix/var/nix/profiles/default/bin /run/current-system/sw/bin

This is not the case unfortunately. I expanded my initial post, could this also be caused by my config.fish?

Yes, see my edit.

(why does discourse have a character limit)

Fish is enabled as follows:

  programs.fish.enable = true;
  users.defaultUserShell = pkgs.fish;
  environment.binsh = "${pkgs.dash}/bin/dash";

My $PATH right now contains the following:

/run/current-system/sw/share/hunspell
/run/current-system/sw/bin
/home/sperber/.emacs.d/bin
/home/sperber/.config/composer/vendor/bin
/home/sperber/.npm-global/bin
/home/sperber/Dokumente/Install/Linux/Skripte
/run/wrappers/bin 
/home/sperber/.nix-profile/bin
/etc/profiles/per-user/sperber/bin 
/nix/var/nix/profiles/default/bin

The strange thing is that it all worked fine before and now it doesn’t, although I reverted my config.fish to its original working state.

That’s clearly your problem right there, you must have had some lingering state from the commented out lines that I assumed you called* at some point. Fish has this concept of universal variables that linger between shells, maybe fish_add_path modifies those? I’m not really sure.

Do you know how to purge this to reset fish?

They used to be stored in ~/.config/fish/fish_variables at some point, might be it’s still the case.

Thank you for your help!

~/.config/fish/fish_variables is correct, but simply removing the file makes fish display an error. Deleting ~/.config/fish leads to sudo being executed correctly in fish again, so I’ll start from there.

If I had thought to simply try executing sudo in bash, I would have saved myself the reinstallation of NixOS to try to fix things… :joy:

Yeah, reinstalling is a bit extreme when you can simply run /run/wrappers/bin/sudo.

/run/wrappers/bin is not a surplus entry in the PATH, you want to keep it. And you want to keep it close to the front of your PATH.

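The PATH-order problem diagnosed in this thread can be checked with a small script; this is an added example, not code from any of the posters or from NixOS. The function names, the throwaway directory tree and the two PATH strings (shortened from the ones quoted above, with the user name substituted in the second) are constructed for illustration.

```shell
#!/bin/sh
WRAPPER_DIR=/run/wrappers/bin

# first_hit PATH_STRING CMD [ROOT]: print the first PATH entry holding an
# executable CMD. ROOT is an optional prefix for testing against a fake tree.
first_hit() {
    fh_path=$1; fh_cmd=$2; fh_root=${3:-}
    fh_ifs=$IFS; IFS=:; set -f          # split on ':' without globbing
    set -- $fh_path
    set +f; IFS=$fh_ifs
    for fh_dir in "$@"; do
        [ -n "$fh_dir" ] || continue
        if [ -f "$fh_root$fh_dir/$fh_cmd" ] && [ -x "$fh_root$fh_dir/$fh_cmd" ]; then
            printf '%s\n' "$fh_dir"
            return 0
        fi
    done
    return 1
}

# wrapper_status PATH_STRING CMD [ROOT]: does the setuid wrapper win the lookup?
wrapper_status() {
    ws_root=${3:-}
    [ -x "$ws_root$WRAPPER_DIR/$2" ] || { echo "no-wrapper"; return 0; }
    ws_hit=$(first_hit "$1" "$2" "$ws_root") || { echo "not-found"; return 0; }
    if [ "$ws_hit" = "$WRAPPER_DIR" ]; then
        echo "ok"
    else
        echo "shadowed-by $ws_hit"
    fi
}

# Constructed sample tree: a dummy "sudo" in the wrapper dir and in sw/bin.
make_sample_root() {
    ms_root=$(mktemp -d) || return 1
    for ms_dir in "$WRAPPER_DIR" /run/current-system/sw/bin; do
        mkdir -p "$ms_root$ms_dir"
        printf '#!/bin/sh\n' > "$ms_root$ms_dir/sudo"
        chmod +x "$ms_root$ms_dir/sudo"
    done
    printf '%s\n' "$ms_root"
}

# Constructed PATH strings: the order reported in the thread vs. the base order.
BROKEN_PATH=/run/current-system/sw/share/hunspell:/run/current-system/sw/bin:/home/sperber/.emacs.d/bin:/run/wrappers/bin:/home/sperber/.nix-profile/bin
GOOD_PATH=/run/wrappers/bin:/home/sperber/.nix-profile/bin:/etc/profiles/per-user/sperber/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin

root=$(make_sample_root)
echo "thread PATH: $(wrapper_status "$BROKEN_PATH" sudo "$root")"
echo "base PATH:   $(wrapper_status "$GOOD_PATH" sudo "$root")"
rm -rf "$root"
```

On a real NixOS machine, `wrapper_status "$PATH" sudo` with no third argument runs the same check against the live system.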