Hi,

Rutherther <ruthert...@ditigal.xyz> writes:

> There are reports from users with inconsistencies in ownership, it seems that at
> least /var/guix is sometimes left with wrong owner, but maybe even parts
> of the store? I cannot verify that.

Would be nice to get their reports here, otherwise we’re left speculating.

> The guix-ownership service checks /gnu/store ownership to check if the
> whole store and all files important for the daemon (/etc/guix,
> /var/guix) are owned by the appropriate user.
>
> If the folder isn't owned by appropriate user, it moves to those steps:
> 1. Fix permissions in /gnu/store - first under it, then /gnu/store
>    itself as last step
> 2. Fix /var/guix
> 3. Fix /etc/guix
> 4. Fix /var/log/guix
>
> So from those laid out steps it should be obvious that if guix-ownership
> service somehow stops between steps 1 and 2, it will never recover
> ownerships of /var/guix, /etc/guix and /var/log/guix. /gnu/store should
> change owner as last.

Well, the fundamental assumption is that ‘guix-ownership’ is not interrupted during its work; manual intervention is needed to repair things if it is interrupted. I don’t see any way around that but perhaps we should warn about it more clearly?

> On the other hand it feels much of a coincidence users would be
> consistently hitting reboots between those steps. So maybe I am
> overlooking another thing. I checked the file-system-fold, it goes to
> /gnu/store as last, so that would mean putting step 1 after 4 should fix
> that. Still, maybe only /gnu/store itself should be skipped instead of moving
> the step, and done as last, step 5 to ensure it's fine even if
> file-system-fold somehow changed the ordering? Not sure how exactly it
> should behave in that regard.

Doing /gnu/store last is a good idea because it reduces the window during which the inconsistent state could go undetected.

Feel free to propose a patch; otherwise I’ll give it a try, but not before next week.

Thanks,
Ludo’.
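
The interruption scenario discussed above, as an added simulation that is not part of this thread or of Guix's code: it models the check described in the quoted text (ownership of /gnu/store alone decides whether the repair runs) and compares the step order 1-4 with the order that changes /gnu/store last. The store items and both owner names are constructed placeholders.

```python
# Simulation only: "ownership" lives in a dict, nothing on disk is touched.
# Paths under /gnu/store and both owner names are constructed placeholders.
STORE = "/gnu/store"
OTHERS = ["/var/guix", "/etc/guix", "/var/log/guix"]
OLD, NEW = "old-owner", "new-owner"


def fresh_state():
    paths = [STORE, STORE + "/item-a", STORE + "/item-b"] + OTHERS
    return {p: OLD for p in paths}


def repair_order(state, store_last):
    """Order in which paths are re-owned."""
    inside = sorted(p for p in state if p.startswith(STORE + "/"))
    if store_last:
        return inside + OTHERS + [STORE]   # ordering suggested in the thread
    return inside + [STORE] + OTHERS       # steps 1-4 as described


def run_service(state, store_last, stop_after=None):
    """One service run. The decision to repair looks at /gnu/store only.
    stop_after=N simulates an interruption after N paths were fixed."""
    if state[STORE] == NEW:
        return "skipped"
    for done, path in enumerate(repair_order(state, store_last)):
        if stop_after is not None and done == stop_after:
            return "interrupted"
        state[path] = NEW
    return "repaired"


def stale_after_retry(store_last, stop_after):
    """Interrupt one run, run again (next boot), list paths still wrong."""
    state = fresh_state()
    run_service(state, store_last, stop_after)
    run_service(state, store_last)
    return sorted(p for p, owner in state.items() if owner != NEW)


if __name__ == "__main__":
    for n in range(7):
        print(n, stale_after_retry(False, n), stale_after_retry(True, n))
```

With /gnu/store changed last, every interruption point leaves the check failing, so the next run repairs everything; with the original order, any interruption after /gnu/store itself is re-owned is never detected.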