Udevil is not run suid root

Hello all,
New Nix user here.
I am trying to mount a smb directory by opening the url in smapceFM but I have this error:

udevil mount smb://
udevil:sudo udevil mount smb://
[sudo] password for yottanami:
udevil: denied 73: fstype 'cifs' is not an allowed type error 37: udevil was not run suid root
        To correct this problem: sudo chmod +s /usr/bin/udevi

I guess I should not look for udevi in /usr/bin.

whereis udevil
udevil: /nix/store/rg1dpq3xa0ld5rasj7wfxn2jfqpd5ghb-system-path/bin/udevil

Since the store is read-only, how can I do the chmod?

If you’re using nixos, these are handled with a “security wrapper”, and it looks like devil already has one you could enable with this option: https://search.nixos.org/options?channel=23.05&show=programs.udevil.enable&from=0&size=50&sort=relevance&type=packages&query=Udevil

If you aren’t on nixos, this is a sharp corner AFAIK. I guess you’d need to create your own setuid wrapper–they aren’t allowed in the store.

(Limited interface to system/nix-external dependencies? is about one aspect of this problem–being able to get references to the correct run-time path from inside a nix build. It doesn’t, however, currently address how we’d actually manage a setuid executable outside of nixos.)

1 Like

Thanks @abathur
Enabling the option fixed the issue now I have different error which complains about cifs:

udevil: denied 73: fstype 'cifs' is not an allowed type

I have cifs-utils in my systemPakcages and gvfs service is also enabled.

I’m not specifically familiar with udevil, so I’m not sure whether this is about compilation or config.

I see someone doing this in the wild:

So I guess the first thing I’d check, since it’s a denial, is whether you have or need a udevil.conf that specifies cifs as an allowed type.