Hi, Ludovic Courtès <l...@gnu.org> skribis:
> Indeed. I added ‘pk’ calls to print ‘%profile-directory’ and > (canonicalize-profile %user-profile-directory), and here’s what I see > with ‘sudo’: > > $ sudo -E ./pre-inst-env guix pull > > ;;; (pd "/var/guix/profiles/per-user/root") > > ;;; (upd "/home/ludo/.config/guix/current") I used ‘-E’ above, which is why HOME was ~ludo instead of ~root. Without ‘-E’, HOME is ~root as expected, and so “sudo guix pull” does the right thing (this is on Guix System): --8<---------------cut here---------------start------------->8--- $ sudo guix repl GNU Guile 2.2.4 Copyright (C) 1995-2017 Free Software Foundation, Inc. Guile comes with ABSOLUTELY NO WARRANTY; for details type `,show w'. This program is free software, and you are welcome to redistribute it under certain conditions; type `,show c' for details. Enter `,help' for help. scheme@(guix-user)> (getenv "HOME") $1 = "/root" scheme@(guix-user)> ,m(guix scripts pull) scheme@(guix scripts pull)> %profile-directory $2 = "/var/guix/profiles/per-user/root" scheme@(guix scripts pull)> %user-profile-directory $3 = "/root/.config/guix/current" scheme@(guix scripts pull)> (cache-directory) $4 = "/root/.cache/guix" scheme@(guix scripts pull)> (config-directory) $5 = "/root/.config/guix" --8<---------------cut here---------------end--------------->8--- So ‘sudo guix pull’ really updates root’s profile and writes to ~root/.cache, everything is fine. Done? I investigated a bit, tried Debian, then Ubuntu, and found that ‘sudo’ on Ubuntu behaves differently: it preserves ‘HOME’ by default: $ sudo env | grep HOME HOME=/home/ubuntu This is written here: https://help.ubuntu.com/community/RootSudo#Special_notes_on_sudo_and_shells (That’s with sudo 1.8.21p2, FWIW.) Ubuntu’s /etc/sudoers doesn’t have anything special. Actually, Debian has (almost) the same /etc/sudoers and yet it does not preserve HOME. (Time passes…) Digging further, I fetched the source from <https://packages.ubuntu.com/bionic/sudo>, and boom! I found the culprit: it’s called ‘debian/patches/keep_home_by_default.patch’. --8<---------------cut here---------------start------------->8--- Description: Set HOME in initial_keepenv_table Set HOME in initial_keepenv_table; without this, $HOME will never be preserved unless added to keep_env. There's appropriate logic to handle resetting the home for -H and -i options, so this is the only part that's missing. Author: Steve Langasek <steve.langa...@canonical.com> --- a/plugins/sudoers/env.c +++ b/plugins/sudoers/env.c @@ -189,6 +189,7 @@ "COLORS", "DISPLAY", "DPKG_COLORS", + "HOME", "HOSTNAME", "KRB5CCNAME", "LS_COLORS", --8<---------------cut here---------------end--------------->8--- (This patch is playing with fire IMO. If you’re an Ubuntu user, consider reporting a bug!) But anyway, what can we do? We could ignore the issue, it’s-Ubuntu’s-fault, done. We could also add some logic to detect whether (1) we’re running under sudo, and in that case, and whether (2) $HOME matches $USER’s home directory as it appears in /etc/passwd. If both conditions are satisfied, we could ignore $HOME and use the home directory from /etc/passwd instead. But… that’s complicated, and it’d break uses of ‘sudo -H’. We could apply the patch I posted earlier, which simply disables profile migration when SUDO_USER is set. That won’t address the fact that root writes to the user’s ~/.cache, but there’s not much we can do here. Thoughts? Ludo’.
