Setting tempdir in nix3-develop, nix3-print-dev-env can lead to issues #979

Open
opened 2025-08-25 13:09:24 +00:00 by teofilc · 0 comments

Summary

In the nix3-develop codepath, we set NIX_BUILD_TOP, TMP, and a bunch of synonyms thereof to a new mktemp -d created directory.

Differences from /tmp

This can lead to subtle bugs because now our TMP directory differs from the normal one in a few ways.

  1. The file permissions are different. /tmp has 1777 on my system. But folders created by mktemp -d have different permissions, e.g., 0700.
  2. The folder is owned by a different user. I don't think this is necessarily a problem, since it's normally a less privileged user.
  3. The folder may be cleaned up by systemd-tmpfiles. There is no limit to how long a shell might be used for, so after a 3 week holiday, systemd-tmpfiles might clean up your TMP directory and now your shell is suddenly broken.

Bugs

For instance https://github.com/NixOS/nix/issues/10753 was triggered by the following scenario.

  1. We create a tmpdir as root and set TMP to that. This doesn't have permissions for arbitrary users to create folders in it.
  2. We run a build as the nixbld user with the sandbox off (since we are using docker).
  3. We try to create a tmpdir but fail, since we don't have permission to create folders under /tmp.

If systemd-tmpfiles deletes your TMP folder, then your shell is broken and you need to re-source it. This can be painful for users who use tools like haskell.nix which have extremely bad eval times (so users sometimes keep a shell open for months (sic!)). I think there is an issue for this somewhere but I can't find it.
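
A check for the directory states this issue describes, added here as an example (it is not part of the original issue or of the Lix code base). The function name `classify_tmpdir` and its status words are made up for illustration; it assumes GNU coreutils `stat -c` and `mktemp`.

```shell
#!/bin/sh
# Added example, not Lix/Nix code. Assumes GNU coreutils (stat -c, mktemp).

# classify_tmpdir DIR: print one word describing how DIR compares to a
# normal /tmp. The status words are hypothetical names for this example.
#   missing        DIR no longer exists (e.g. removed by a tmp cleaner)
#   not-writable   the current user cannot create entries in DIR
#   restricted     usable by us, but other users cannot create entries (e.g. 0700)
#   shared-unsafe  other users can create entries and the sticky bit is not set
#   shared         other users can create entries, sticky bit set (like 1777)
classify_tmpdir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo missing
        return 0
    fi
    # Creating an entry needs write and search permission on the directory.
    # Note: root passes these tests regardless of the mode bits.
    if [ ! -w "$dir" ] || [ ! -x "$dir" ]; then
        echo not-writable
        return 0
    fi
    mode=$(stat -c '%a' "$dir")    # octal mode, e.g. 700 or 1777
    other=${mode#"${mode%?}"}      # last digit: permission bits for "other"
    case $other in
        3|7)  # write + search for other users
            if [ -k "$dir" ]; then echo shared; else echo shared-unsafe; fi ;;
        *)
            echo restricted ;;
    esac
}

# Constructed demo: walk one scratch directory through the states above.
demo() {
    d=$(mktemp -d)
    echo "fresh mktemp -d:  $(classify_tmpdir "$d")"
    chmod 1777 "$d"
    echo "after chmod 1777: $(classify_tmpdir "$d")"
    rmdir "$d"
    echo "after removal:    $(classify_tmpdir "$d")"
    echo "current TMPDIR:   $(classify_tmpdir "${TMPDIR:-/tmp}")"
}
demo
```

Run inside a long-lived development shell, `classify_tmpdir "$TMPDIR"` distinguishes a directory that was cleaned up (`missing`) from one that exists but that a different build user could not write to (`restricted`).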

Reference: lix-project/lix#979