47f87072ad
Previously there was the problem that all files read by nix-env etc. should be reachable and readable by the Nix user. So for instance building a Nix expression in your home directory meant that the home directory should have at least g+x or o+x permission so that the Nix user could reach the Nix expression. Now we just switch back to the original user just prior to reading sources and the like. The places where this happens are somewhat arbitrary, however. Any scope that has a live SwitchToOriginalUser object in it is executed as the original user. * Back out r1385. setreuid() sets the saved uid to the new real/effective uid, which prevents us from switching back to the original uid. setresuid() doesn't have this problem (although the manpage has a bug: specifying -1 for the saved uid doesn't leave it unchanged; an explicit value must be specified).
14 lines
443 B
Makefile
14 lines
443 B
Makefile
SUBDIRS = bin2c boost libutil libstore libmain nix-store nix-hash \
|
|
libexpr nix-instantiate nix-env log2xml
|
|
|
|
SETUID_PROGS = nix-store nix-instantiate nix-env
|
|
install-exec-hook:
|
|
if SETUID_HACK
|
|
if HAVE_SETRESUID
|
|
cd $(DESTDIR)$(bindir) && chown @NIX_USER@ $(SETUID_PROGS) \
|
|
&& chgrp @NIX_GROUP@ $(SETUID_PROGS) && chmod ug+s $(SETUID_PROGS)
|
|
else
|
|
cd $(DESTDIR)$(bindir) && chown root $(SETUID_PROGS) && chmod u+s $(SETUID_PROGS)
|
|
endif
|
|
endif
|