> Could you post the output of
> “stat /gnu/store/cnqmkmj40jmssnx6fkf9n0n3bqj5x426-guile-2.0.11/bin/guile”?

~~~~~
root@banana ~# stat /gnu/store/cnqmkmj40jmssnx6fkf9n0n3bqj5x426-guile-2.0.11/bin/guile
  File: ‘/gnu/store/cnqmkmj40jmssnx6fkf9n0n3bqj5x426-guile-2.0.11/bin/guile’
  Size: 10912 Blocks: 24 IO Block: 4096 regular file
Device: 803h/2051d Inode: 15582 Links: 1
Access: (0555/-r-xr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2015-05-21 09:06:47.744008648 +0200
Modify: 1970-01-01 01:00:01.000000000 +0100
Change: 2015-05-17 12:08:22.839537391 +0200
 Birth: -
~~~~~

> What do the following return at the Guile REPL:
>
>   (getgr 30000)
>   (getpw 30001)
>
> ?

~~~~~
root@banana ~# guile
GNU Guile 2.0.11
Copyright (C) 1995-2014 Free Software Foundation, Inc.

Guile comes with ABSOLUTELY NO WARRANTY; for details type `,show w'.
This program is free software, and you are welcome to redistribute it
under certain conditions; type `,show c' for details.

Enter `,help' for help.
scheme@(guile-user)> (getgr 30000)
$1 = #("guixbuild" "x" 30000 ("guixbuilder01" "guixbuilder02" "guixbuilder03" "guixbuilder04" "guixbuilder05" "guixbuilder06" "guixbuilder07" "guixbuilder08" "guixbuilder09" "guixbuilder10"))
scheme@(guile-user)> (getpw 30001)
$2 = #("guixbuilder01" "x" 30001 30000 "Guix Build User 1" "/var/empty" "/gnu/store/6v6wngdavjg0vlkpx8h69pxlzmi8cb8a-shadow-4.1.5.1/sbin/nologin")
scheme@(guile-user)>
~~~~~

> Note that here, since it’s a fixed-output derivation, there’s no chroot,
> unshare, etc., so it’s really just UID 30001 running that file.
> Something equivalent to:
>
>   # su guixbuilder01
>   $ /gnu/store/cnqmkmj40jmssnx6fkf9n0n3bqj5x426-guile-2.0.11/bin/guile

I cannot switch to user "guixbuilder01" without having to input a
password. It appears that "su" is also not working as it should.

>> ~~~~~~~~
>> rekado@banana guix $ sudo ls
>> sudo: unable to stat /etc/sudoers: Permission denied
>> sudo: no valid sudoers sources found, quitting
>> sudo: unable to initialize policy plugin
>
> Same with:
>
>   /run/setuid-programs/sudo ls
>
> ?

Yes, exactly the same message.

> Does /run/setuid-programs/sudo have the same inode as
> $(guix build sudo)/bin/sudo?
> stat -c '%i' /run/setuid-programs/sudo \
>   $(guix build sudo)/bin/sudo

The inode is the same:

~~~~~
rekado@banana ~ $ stat -c '%i' /run/setuid-programs/sudo $(guix build sudo)/bin/sudo
1461970
1461970
~~~~~

> The only partitions are / and /home, right?

I only manually mounted / (/dev/sda3) and /home (a luks logical volume):

~~~~~
rekado@banana ~ $ mount
none on /proc type proc (rw,relatime)
none on /sys type sysfs (rw,relatime)
/dev/sda3 on / type ext4 (rw,relatime,data=ordered)
none on /dev type devtmpfs (rw,relatime,size=1966132k,nr_inodes=491533,mode=755)
none on /dev/pts type devpts (rw,relatime,gid=996,mode=620,ptmxmode=000)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,relatime,size=1970696k)
/dev/sda3 on /gnu/store type ext4 (rw,relatime,data=ordered)
/dev/mapper/fedora-home on /home type ext4 (rw,relatime,data=ordered)
rekado@banana ~ $
~~~~~

Thank you,
Ricardo