Nix installer updates shell profiles for the wrong user #189043

Closed
samuela opened this issue Aug 31, 2022 · 9 comments

@samuela
Member

samuela commented Aug 31, 2022

Describe the bug

When running the multi-user installer, everything proceeds without issue with the exception of the following warning:

```
warning: $HOME ('/home/sam.ainsworth') is not owned by you, falling back to the one defined in the 'passwd' file ('/root')
```

This is incorrect, however:

```
sam.ainsworth@cs-satze7x4cv-gpu-1661895675:~$ whoami
sam.ainsworth
sam.ainsworth@cs-satze7x4cv-gpu-1661895675:~$ echo $HOME
/home/sam.ainsworth
sam.ainsworth@cs-satze7x4cv-gpu-1661895675:~$ ls -al /home
total 20
drwxr-xr-x  5 root          root          4096 Aug 23 14:57 .
drwxr-xr-x 24 root          root          4096 Aug 30 17:19 ..
drwx--x--- 13 root          root          4096 Aug 30 17:18 docker
drwxr-xr-x 12 sam.ainsworth sam.ainsworth 4096 Aug 30 16:51 sam.ainsworth
drwx------  3 root          root          4096 Aug 23 14:57 ubuntu
```

Steps To Reproduce

Steps to reproduce the behavior:

    curl -L https://nixos.org/nix/install > /tmp/install-nix.sh
    # This is the hash at the time of writing (2022-08-30)
    { echo "df7446dab00d10117074f3bebb817d48  /tmp/install-nix.sh" | md5sum --check -; } && { yes | sh /tmp/install-nix.sh --daemon; }

Expected behavior

The installer to set up shell profiles for the correct user.

Screenshots

n/a

Additional context

n/a

Notify maintainers

Metadata

Please run nix-shell -p nix-info --run "nix-info -m" and paste the result.

 - system: `"x86_64-linux"`
 - host os: `Linux 5.4.0-1086-gcp, Ubuntu, 18.04.6 LTS (Bionic Beaver), nobuild`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.11.0`
 - channels(root): `"nixpkgs"`
 - nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixpkgs`

(can't figure out how to resolve NixOS/nix#3435 yet. may need to do a complete reinstall.)

@abathur
Member

abathur commented Aug 31, 2022

It looks like this error message is in Nix itself, so this issue should probably get transferred there by someone with the power. The message was added fairly recently: NixOS/nix#6880

Perhaps @virusdave has a sense of what may be going on here, and whether it implies the PR is or isn't working as intended?

@virusdave
Contributor

virusdave commented Aug 31, 2022

Interesting - so the issue at high level is that something is executing a core nix function having setuid to root but left the $HOME environment variable in place. This isn't inherently wrong, but prior to the change associated with the (original) warning message, it could have some surprising consequences.

I'd be happy to look over install-nix.sh to see what exactly it's doing that would cause this, and make sure it's innocuous (or fix it if not), but I don't see it in this repo and I'm not sure where it is located.

@abathur
Member

abathur commented Aug 31, 2022

I'm guessing that this is in https://github.com/NixOS/nix/blob/ddb82ffda993d237d62d59578f7808a9d98c77fe/scripts/install-multi-user.sh#L866-L889 (though I suppose it could be other Nix invocations in the file).

@samuela Does this location look right to you?

@virusdave
Contributor

> I'm guessing that this is in https://github.com/NixOS/nix/blob/ddb82ffda993d237d62d59578f7808a9d98c77fe/scripts/install-multi-user.sh#L866-L889 (though I suppose it could be other Nix invocations in the file).
>
> @samuela Does this location look right to you?

Yup, found it in that other repo! Thanks.

@samuela, do you happen to have any context logs from around the warning, to help me narrow down which of the script actions is happening when the warning is produced?

Thanks!

@samuela
Member Author

samuela commented Aug 31, 2022

> @samuela, do you happen to have any context logs from around the warning, to help me narrow down which of the script actions is happening when the warning is produced?

Yeah, I imagine that I would still have the logs somewhere. Where are the logs located?

> @samuela Does this location look right to you?

I'm not 100% sure, but here is the context I see when running the installer:

```
...
---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo /nix/store/nmq5zcd93qb1yskx42rs910ff0247nn2-nix-2.11.0/bin/nix-store --load-db

to load data for the first time in to the Nix Database

warning: $HOME ('/home/sam.ainsworth') is not owned by you, falling back to the one defined in the 'passwd' file ('/root')
      Just finished getting the nix database ready.

~~> Setting up shell profiles: /etc/bashrc /etc/profile.d/nix.sh /etc/zshrc /etc/bash.bashrc /etc/zsh/zshrc

---- sudo execution ------------------------------------------------------------
...
```

@virusdave
Contributor

Ha, that's exactly where I was suspecting, since it's the only obvious spot where a low-level nix command is being invoked without the HOME="$ROOT_HOME" guard like this

Thanks for confirming :)

The message should be innocuous in this case, as $HOME (and values derived from it, like profile locations) aren't relevant to this operation. The simplest thing to do here is to add the HOME guard to the script for this operation in the same way it's done elsewhere. I'll submit a PR for this.

virusdave added a commit to virusdave/nix that referenced this issue Aug 31, 2022
A [recent-ish change](NixOS#6676) logs a warning when a potentially counterintuitive situation happens.

This now causes the multi-user installer to [emit a warning](NixOS/nixpkgs#189043) when it's doing
the "seed the Nix database" step via a low-level `nix-store --load-db` invocation.

`nix-store` functionality implementations don't actually use profiles or channels or homedir as far as I can tell.  So why are we
hitting this code at all?

Well, the current command approach for functionality here builds a [fat `nix` binary](https://github.com/NixOS/nix/blob/master/src/nix/local.mk#L23-L26) which has _all_ the functionality of
previous individual binaries (nix-env, nix-store, etc) bundled in, then [uses the invocation name](https://github.com/NixOS/nix/blob/master/src/nix/main.cc#L274-L277) to select the
set of commands to expose.  `nix` itself has this behavior, even when just trying to parse the (sub)command and arguments:

```
dave @ davembp2
$ nix
error: no subcommand specified
Try 'nix --help' for more information.

dave @ davembp2
$ sudo nix
warning: $HOME ('/Users/dave') is not owned by you, falling back to the one defined in the 'passwd' file
error: no subcommand specified
Try 'nix --help' for more information.

dave @ davembp2
$ HOME=~root sudo nix
error: no subcommand specified
Try 'nix --help' for more information.
```

This behavior can also be seen pretty easily with an arbitrary `nix-store` invocation:
```
dave @ davembp2 
$ nix-store --realize

dave @ davembp2 
$ sudo nix-store --realize  # what installer is doing now
warning: $HOME ('/Users/dave') is not owned by you, falling back to the one defined in the 'passwd' file

dave @ davembp2
$ sudo HOME=~root nix-store --realize  # what this PR effectively does

dave @ davembp2
$ 
```
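
The ownership check that the warning text describes, and that the `HOME` guard satisfies, sketched as an added example; it is not Nix's source and not part of the original thread, and `ownedBy`, `passwdHome` and `chooseHome` are hypothetical names.

```cpp
// Added illustration, not Nix's source. All function names are hypothetical.
#include <pwd.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#include <cstdio>
#include <cstdlib>
#include <string>

// True only if `path` exists and is owned by `uid`.
static bool ownedBy(const std::string &path, uid_t uid) {
    struct stat st;
    return stat(path.c_str(), &st) == 0 && st.st_uid == uid;
}

// Home directory recorded in the passwd database for `uid`, or "" if none.
static std::string passwdHome(uid_t uid) {
    struct passwd *pw = getpwuid(uid);
    return (pw && pw->pw_dir) ? std::string(pw->pw_dir) : std::string();
}

// Decide which home directory a process running as `uid` should use.
// envHome: inherited $HOME; pwHome: passwd entry for `uid`.
// `warned` is set when the inherited value is rejected.
static std::string chooseHome(const std::string &envHome, uid_t uid,
                              const std::string &pwHome, bool &warned) {
    warned = false;
    if (envHome.empty()) return pwHome;         // nothing inherited
    if (ownedBy(envHome, uid)) return envHome;  // normal case, and the guarded case
    // Typical trigger: run via sudo with the caller's $HOME preserved,
    // so uid is root's but the directory belongs to the caller.
    warned = true;
    std::fprintf(stderr,
        "warning: $HOME ('%s') is not owned by uid %ld, falling back to '%s'\n",
        envHome.c_str(), static_cast<long>(uid), pwHome.c_str());
    return pwHome;
}

int main() {
    const char *env = std::getenv("HOME");
    uid_t me = geteuid();
    bool warned = false;
    std::string home = chooseHome(env ? env : "", me, passwdHome(me), warned);
    std::printf("%s\n", home.c_str());
    return 0;
}
```

Setting `HOME` to root's home on the `sudo` command line, as in the last transcript above, makes the ownership test pass, so neither the fallback nor the warning is reached.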
@samuela
Member Author

samuela commented Sep 1, 2022

Awesome, thanks @virusdave! It's exciting to see all the progress that's been happening on the installer recently

> The message should be innocuous in this case, as $HOME (and values derived from it, like profile locations) aren't relevant to this operation. The simplest thing to do here is to add the HOME guard to the script for this operation in the same way it's done elsewhere. I'll submit a PR for this.

I'm not seeing anything Nix-related in either my ~/.bashrc or ~/.profile... Is there any way this could still be messing something up there or is that likely to be a separate issue?

@virusdave
Contributor

> I'm not seeing anything Nix-related in either my ~/.bashrc or ~/.profile... Is there any way this could still be messing something up there or is that likely to be a separate issue?

That is almost certainly an unrelated issue, if you're seeing a problem. The guard I added in the PR doesn't change the behavior of the installer, it just prevents the warning by explicitly passing a configuration which was being inferred (and warned about) previously.

Minion3665 pushed a commit to Minion3665/nix that referenced this issue Feb 23, 2023
@samuela
Member Author

samuela commented Mar 7, 2023

should be fixed by NixOS/nix#6980

samuela closed this as completed Mar 7, 2023