Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#79433 - [nix] Inconsistent user creation behavior compared to the Nix official install script
Attached to Project:
Arch Linux
Opened by avimitin (avimitin) - Monday, 21 August 2023, 06:53 GMT
Last edited by George Rawlinson (rawlinsong) - Friday, 22 September 2023, 09:15 GMT
Details

Description:

The sysuser configuration provided in the nix package doesn't specify a home directory for nix build users. According to the systemd manual, this will fall back to using the root directory "/" as the home directory for these build users. And the JVM will initialize `user.home` by reading the /etc/passwd file, not from the $HOME environment variable. This causes a bug: when packaging a Java application with the sandbox option set to false, the JVM will try to read the host's /etc/passwd file and unexpectedly have write permission to the chroot root directory.

The official install script sets the nixbld user home to /var/empty with usermod. So I think the correct behavior might be adding /var/empty as the home directory in the sysuser.conf file.

```conf
u nixbld01 -:nixbld "Nix builder 01" /var/empty
```

* systemd sysuser home directory default behavior: https://www.freedesktop.org/software/systemd/man/sysusers.d.html#Home%20Directory
* nix install script default behavior: https://github.com/NixOS/nix/blob/master/scripts/install-multi-user.sh#L574-L579
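
An added example, not part of the original report or of the nix package: a Python check that parses sysusers.d-style lines and lists build users whose effective home directory is not /var/empty, applying the default the report cites (an omitted or "-" home field becomes "/"). The sample fragment, the function names and the `nixbld` prefix filter are assumptions made for this illustration.

```python
import shlex

# Constructed sample input. nixbld01 mirrors the packaged form the report
# describes (no home field); nixbld02 is the line the report proposes.
SAMPLE = """\
# sysusers.d fragment (constructed for this example)
g nixbld -
u nixbld01 -:nixbld "Nix builder 01"
u nixbld02 -:nixbld "Nix builder 02" /var/empty
u nixbld03 -:nixbld "Nix builder 03" -
"""


def effective_homes(text):
    """Map each user declared on a 'u' line to its effective home directory."""
    homes = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Fields: type, name, id, GECOS, home, shell. GECOS may be quoted.
        fields = shlex.split(line)
        if len(fields) < 2 or fields[0] != "u":
            continue
        home = fields[4] if len(fields) > 4 else "-"
        # An omitted or "-" home field defaults to the root directory.
        homes[fields[1]] = "/" if home == "-" else home
    return homes


def misplaced_build_users(text, prefix="nixbld", expected="/var/empty"):
    """Return (user, home) pairs for build users not homed at `expected`."""
    return [(user, home) for user, home in effective_homes(text).items()
            if user.startswith(prefix) and home != expected]


if __name__ == "__main__":
    for user, home in misplaced_build_users(SAMPLE):
        print(f"{user}: home is {home!r}, expected '/var/empty'")
```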
Closed by George Rawlinson (rawlinsong)
Friday, 22 September 2023, 09:15 GMT
Reason for closing: Upstream
Additional comments about closing: Every single user created with systemd-sysusers generally has the same *unset* home directory.
Please create an issue with upstream.