Hi Yann,

Yann Dupont <yann.dup...@univ-nantes.fr> writes:

> On 19/06/2025 13:19, Sergey Trofimov wrote:
>> Hi
>>
>> Yann Dupont <yann.dup...@univ-nantes.fr> writes:
>>
>>> I don't know if this is relevant information, but we encounter this problem
>>> on disposable virtual machines, freshly generated by guix
>>> system image for one-time use, we don't reconfigure on these machines.
>>> Maybe this function is not called in this specific case?
>>>
>>> I'll see if a reconfigure changes things, but it's going to take some
>>> time, as our templates are a bit complex and divided into
>>> several files that can't be found in
>>> /running/current-system/configuration.scm.
>> You could simply run /run/current-system/activate and check if it fixes
>> permissions.
> Hi Sergey, launching /run/current-system/activate does not change the
> directory property.
>
> However, I'm afraid this could be a problem on our side. By simplifying a vm
> definition as much as possible to be able to reproduce, the nslcd service
> creates /var/empty with root as owner... so something unexpected is happening
> on our side. I'll look into it.
>
> Thanks for your help,

If the OS is stripped to the bare minimum, I assume that it doesn't have
all the system users usually present in Guix system (daemon and
builders). It could happen that nslcd is the only user with the home dir
set to /var/empty (check /etc/passwd). In that case
activate-users+groups won't be changing the permissions because it only
does that on directories that are shared between multiple accounts.
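
The /etc/passwd check suggested in the reply above, as an added example that is not part of the original message and is not Guix code: it reports whether a home directory is used by one account or shared by several. The two passwd samples are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added diagnostic: classify a home directory by how many accounts in a
# passwd-format stream (read from stdin) point at it.

# Constructed sample: stripped-down VM where only nslcd uses /var/empty.
minimal_passwd() {
cat <<'EOF'
root:x:0:0:System administrator:/root:/bin/sh
nslcd:x:990:990:nslcd daemon:/var/empty:/sbin/nologin
EOF
}

# Constructed sample: system that also has build users homed in /var/empty.
typical_passwd() {
cat <<'EOF'
root:x:0:0:System administrator:/root:/bin/sh
guixbuilder01:x:991:991:Guix Build User 01:/var/empty:/sbin/nologin
guixbuilder02:x:992:991:Guix Build User 02:/var/empty:/sbin/nologin
nslcd:x:990:990:nslcd daemon:/var/empty:/sbin/nologin
EOF
}

# accounts_with_home DIR: space-separated account names whose home
# (passwd field 6) is exactly DIR; prints nothing when there are none.
accounts_with_home() {
    awk -F: -v dir="$1" '
        $6 == dir { printf "%s%s", sep, $1; sep = " " }
        END       { if (sep != "") print "" }'
}

# home_sharing DIR: "unused", "single" or "shared".
home_sharing() {
    awk -F: -v dir="$1" '
        $6 == dir { n++ }
        END { print ((n + 0 == 0) ? "unused" : ((n == 1) ? "single" : "shared")) }'
}

# Show the result for both constructed samples.
for sample in minimal_passwd typical_passwd; do
    printf '%s: /var/empty is %s (%s)\n' "$sample" \
        "$($sample | home_sharing /var/empty)" \
        "$($sample | accounts_with_home /var/empty)"
done

# On the machine under investigation, run the same check on the real file.
if [ -r /etc/passwd ]; then
    printf 'this host: /var/empty is %s\n' "$(home_sharing /var/empty < /etc/passwd)"
fi
```

A result of `single` for /var/empty matches the case described in the reply, where nslcd is the only account using that directory.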