Running Nix with sudo on darwin now complains that /Users/lily isn't owned by me

[lilyball]

Describe the bug

In Nix 2.10.0, Nix now checks if $HOME is owned by the current user and falls back to reading the passwd entry if not (see #6676). On macOS, by default sudo will not reset $HOME. This means that running Nix with sudo on macOS now prints a warning even if the command shouldn't care about the home directory¹. This is very annoying.

I'm not even sure the warning is all that useful. It sounds like it was primarily motivated by nix-channel, although off the top of my head it obvious affects nix-env as well. Resetting $HOME for nix-channel is obviously correct, and probably doesn't need a warning, but it's less obvious to me that resetting $HOME makes sense for other commands. For example, if I have a user channel set and I want to install it to the root profile, sudo nix-env -i will reset $HOME and therefore not see my user channel. I can see how someone might think this is correct, but more generally, sudo is a way to add permissions to an action², so it feels wrong that it would also change the way things are evaluated. With this context, I claim sudo nix-channel is correct to reset $HOME because the use of sudo is to opt in to changing the root channels as there is otherwise no permission issue that necessitates the sudo.

The concrete motivation for filing this issue now is that nix-darwin now triggers this warning on darwin-rebuild switch, with the line sudo nix-env -p "$profile" --set "$systemConfig". This command shouldn't care about $HOME at all, but it now triggers a warning.

Steps To Reproduce

1. sudo nix-instantiate --eval -E 1

Expected behavior

It should evaluate without printing any warnings.

nix-env --version output

nix-env (Nix) 2.10.3

Additional context

I'm not all that familiar with the circumstances in which $HOME would be set to a folder not owned by the current user outside of the use of sudo, so perhaps there is some situation where warning about this is useful (for example if I mangle the env var it might be nice to know it's being ignored, but that seems fairly niche). If there is a good argument for having this in the general case then Nix could detect the use of sudo specifically by looking for the env vars it sets (such as $SUDO_USER). But I really think it would be more useful to only check if $HOME is owned by the current user for nix-channel, and otherwise only check if $HOME is readable by the current user. That way if I do something like sudo -u otheruser then it would still reset $HOME for me since that user can't read my home folder.

Footnotes

1. In theory a nix.conf in the user's config dir could matter, but I'm not even sure it would be incorrect to read that from $HOME regardless of ownership. In particular, if I run a nix command with sudo, it would not be unreasonable to expect the same config to apply as running without. ↩

2. This is probably why macOS preserves $HOME by default when invoking sudo. ↩

[lilyball]

Actually I suppose nix-env uses ~/.nix-profile to determine the profile to use, so resetting that is potentially useful for sudo nix-env behavior. I think that ideally it would read ~/.nix-defexpr from $HOME and ~/.nix-profile from the passwd entry so that way adding sudo changes the profile without changing the evaluated derivations, but that is additional complexity.

I dunno. Maybe I'm just grumpy, but I don't relish trying to move everything over to sudo -H.

At the very least the warning could be improved, because it's telling me that my home directory isn't owned by me, which is wrong. As long as we have the warning, it should say the actual username instead of "you" (e.g. "is not owned by root"). And it would be nice to tell me the actual path it's falling back to instead of saying it's falling back to whatever's in the 'passwd' file.

[thufschmitt]

The home directory is used for a buch of things (as you mention the config file, the default profile and channels, but also some cache and the ~ path in a Nix expression).

it would be more useful to only check if $HOME is owned by the current user for nix-channel, and otherwise only check if $HOME is readable by the current user.

That looks like it's making things more complex than it should. And also error-prone since there's a few reasons why Nix might want to write under $HOME (and I wouldn't want it to just throw some root-owned files in there).

[J-Swift]

Found this issue after getting the warning during sudo nix upgrade-nix. I'm not clear what I need to do about the warning. Is it an issue that I need to fix? Should I be passing a flag to something to avoid the warning? Whats the implication of the permissions not lining up?

[milahu]

hitting this in my tests, where i must normalize the home path

with nix 2.11.0

HOME=/tmp nix-instantiate --parse --expr '~/asdf'

warning: $HOME ('/tmp') is not owned by you, falling back to the one defined in the 'passwd' file ('/home/user')
/home/user/asdf

at least there should be an escape hatch like --use-home-from-env

workaround:

HOME=/tmp/my-test/home
mkdir -p $HOME
nix-instantiate --parse --expr '~/asdf'

/tmp/my-test/home/asdf