
45/64: Set up directories and permissions for multi-user install automat


From: Ludovic Courtès
Subject: 45/64: Set up directories and permissions for multi-user install automatically
Date: Mon, 05 Jan 2015 16:39:06 +0000

civodul pushed a commit to branch nix
in repository guix.

commit 696f960dee35889433adfa6c08a2dbfb6ea0724f
Author: Eelco Dolstra <address@hidden>
Date:   Fri May 2 14:31:15 2014 +0200

    Set up directories and permissions for multi-user install automatically
    
    This automatically creates /nix/var/nix/profiles/per-user and sets the
    permissions/ownership on /nix/store to 1775 and root:nixbld.
---
 src/libstore/local-store.cc |   29 ++++++++++++++++++++++++++++-
 1 files changed, 28 insertions(+), 1 deletions(-)

diff --git a/src/libstore/local-store.cc b/src/libstore/local-store.cc
index 567706d..5d210ae 100644
--- a/src/libstore/local-store.cc
+++ b/src/libstore/local-store.cc
@@ -20,6 +20,7 @@
 #include <errno.h>
 #include <stdio.h>
 #include <time.h>
+#include <grp.h>
 
 #if HAVE_UNSHARE && HAVE_STATVFS && HAVE_SYS_MOUNT_H
 #include <sched.h>
@@ -237,7 +238,7 @@ LocalStore::LocalStore(bool reserveSpace)
     makeStoreWritable();
     createDirs(linksDir = settings.nixStore + "/.links");
     Path profilesDir = settings.nixStateDir + "/profiles";
-    createDirs(settings.nixStateDir + "/profiles");
+    createDirs(profilesDir);
     createDirs(settings.nixStateDir + "/temproots");
     createDirs(settings.nixDBPath);
     Path gcRootsDir = settings.nixStateDir + "/gcroots";
@@ -246,6 +247,32 @@ LocalStore::LocalStore(bool reserveSpace)
         createSymlink(profilesDir, gcRootsDir + "/profiles");
     }
 
+    /* Optionally, create directories and set permissions for a
+       multi-user install. */
+    if (getuid() == 0 && settings.buildUsersGroup != "") {
+
+        Path perUserDir = profilesDir + "/per-user";
+        createDirs(perUserDir);
+        if (chmod(perUserDir.c_str(), 01777) == -1)
+            throw SysError(format("could not set permissions on `%1%' to 
1777") % perUserDir);
+
+        struct group * gr = getgrnam(settings.buildUsersGroup.c_str());
+        if (!gr)
+            throw Error(format("the group `%1%' specified in 
`build-users-group' does not exist")
+                % settings.buildUsersGroup);
+
+        struct stat st;
+        if (stat(settings.nixStore.c_str(), &st))
+            throw SysError(format("getting attributes of path `%1%'") % 
settings.nixStore);
+
+        if (st.st_uid != 0 || st.st_gid != gr->gr_gid || (st.st_mode & 
~S_IFMT) != 01775) {
+            if (chown(settings.nixStore.c_str(), 0, gr->gr_gid) == -1)
+                throw SysError(format("changing ownership of path `%1%'") % 
settings.nixStore);
+            if (chmod(settings.nixStore.c_str(), 01775) == -1)
+                throw SysError(format("changing permissions on path `%1%'") % 
settings.nixStore);
+        }
+    }
+
     checkStoreNotSymlink();
 
     /* We can't open a SQLite database if the disk is full.  Since
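Review bot: Mode `01777` on `perUserDir` lets any local user create an entry under `profiles/per-user` with any name, including one that matches another user's name; the sticky bit only prevents removing or renaming entries owned by someone else. Code that later resolves `per-user/<name>` is not visible in this hunk, so this is a question for the author: either that code should verify the entry is owned by the user it is named for, or the directory could stay `0755` with each user's subdirectory created by the root-run side. Separately, the `stat`/`chown`/`chmod` calls on `settings.nixStore` follow symlinks and run before `checkStoreNotSymlink()`, which by its name presumably rejects a symlinked store; as written, the ownership and mode change would land on the symlink's target before that check runs. Moving the new block below `checkStoreNotSymlink();` would close that ordering gap. The constructor body starts and ends outside the hunk.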


