maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Set up directories and permissions for multi-user install automatically

Browse source 
This automatically creates /nix/var/nix/profiles/per-user and sets the
permissions/ownership on /nix/store to 1775 and root:nixbld.
This commit is contained in:
Eelco Dolstra 2014-05-02 14:31:15 +02:00
parent 20668b1363
commit 696f960dee
1 changed files with 28 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

29
src/libstore/local-store.cc
View file

@ -20,6 +20,7 @@
#include <errno.h> #include <errno.h>
#include <stdio.h> #include <stdio.h>
#include <time.h> #include <time.h>
#include <grp.h>
#if HAVE_UNSHARE && HAVE_STATVFS && HAVE_SYS_MOUNT_H #if HAVE_UNSHARE && HAVE_STATVFS && HAVE_SYS_MOUNT_H
#include <sched.h> #include <sched.h>
@ -237,7 +238,7 @@ LocalStore::LocalStore(bool reserveSpace)
makeStoreWritable(); makeStoreWritable();
createDirs(linksDir = settings.nixStore + "/.links"); createDirs(linksDir = settings.nixStore + "/.links");
Path profilesDir = settings.nixStateDir + "/profiles"; Path profilesDir = settings.nixStateDir + "/profiles";
createDirs(settings.nixStateDir + "/profiles"); createDirs(profilesDir);
createDirs(settings.nixStateDir + "/temproots"); createDirs(settings.nixStateDir + "/temproots");
createDirs(settings.nixDBPath); createDirs(settings.nixDBPath);
Path gcRootsDir = settings.nixStateDir + "/gcroots"; Path gcRootsDir = settings.nixStateDir + "/gcroots";
@ -246,6 +247,32 @@ LocalStore::LocalStore(bool reserveSpace)
createSymlink(profilesDir, gcRootsDir + "/profiles"); createSymlink(profilesDir, gcRootsDir + "/profiles");
} }
/* Optionally, create directories and set permissions for a
multi-user install. */
if (getuid() == 0 && settings.buildUsersGroup != "") {
Path perUserDir = profilesDir + "/per-user";
createDirs(perUserDir);
if (chmod(perUserDir.c_str(), 01777) == -1)
throw SysError(format("could not set permissions on `%1%' to 1777") % perUserDir);
struct group * gr = getgrnam(settings.buildUsersGroup.c_str());
if (!gr)
throw Error(format("the group `%1%' specified in `build-users-group' does not exist")
% settings.buildUsersGroup);
struct stat st;
if (stat(settings.nixStore.c_str(), &st))
throw SysError(format("getting attributes of path `%1%'") % settings.nixStore);
if (st.st_uid != 0 || st.st_gid != gr->gr_gid || (st.st_mode & ~S_IFMT) != 01775) {
if (chown(settings.nixStore.c_str(), 0, gr->gr_gid) == -1)
throw SysError(format("changing ownership of path `%1%'") % settings.nixStore);
if (chmod(settings.nixStore.c_str(), 01775) == -1)
throw SysError(format("changing permissions on path `%1%'") % settings.nixStore);
}
}
checkStoreNotSymlink(); checkStoreNotSymlink();
/* We can't open a SQLite database if the disk is full. Since /* We can't open a SQLite database if the disk is full. Since