nixcloud/nixcloud-webservices

nixcloud.directories fails to execute


config


  # Reproducer: a deeply nested managed directory whose leaf is handed to an
  # unprivileged owner and group.
  nixcloud.directories = {
    "super/n/e/s/t/e/d" = {
      # NOTE(review): 0700 presumably also applies to the parent directories
      # the module creates on the way to the leaf -- confirm in the module source.
      permissions.defaultDirectoryMode = "0700";
      owner = "alice";
      group = "vip";
      # Both hooks write the effective user name (id -nu) to a relative path,
      # i.e. into whatever working directory the hook is started in.
      # Going by the option names, postCreate runs as the owner and
      # postCreateAsRoot runs as root -- confirm against the module.
      postCreate = "id -nu > owner.txt";
      postCreateAsRoot = "id -nu > root.txt";
    };
  };
  # The group and user referenced by the directory entry above.
  users.groups.vip = {};
  users.users.alice.isNormalUser = true;

issue


systemctl '--wait' 'start' 'post-create-super-n-e-s-t-e-d.service'
Job for post-create-super-n-e-s-t-e-d.service failed because the control process exited with error code.
See "systemctl status post-create-super-n-e-s-t-e-d.service" and "journalctl -xe" for details.
Segmentation fault (core dumped)

scripts

[root@nixos-thinkpad-t530:/etc/nixos/nixpkgs]# systemctl cat mkdir-super-n-e-s-t-e-d.service
# /nix/store/cc58kcwyfrwk5fdiy0bdv2xpj1r1ghp2-unit-mkdir-super-n-e-s-t-e-d.service/mkdir-super-n-e-s-t-e-d.service
[Unit]
After=local-fs.target
ConditionPathExists=!/super/n/e/s/t/e/d
Description=Create Directory /super/n/e/s/t/e/d

[Service]
Environment="LOCALE_ARCHIVE=/nix/store/jbyaw0r48gxslxczwnjw5371rqj03gn8-glibc-locales-2.30/lib/locale/locale-archive"
Environment="PATH=/nix/store/x0jla3hpxrwz76hy9yckg1iyc9hns81k-coreutils-8.31/bin:/nix/store/97vambzyvpvrd9wgrrw7i7svi0s8vny5-findutils-4.7.0/bin:/nix/store/b0vjq4r4sp9z4l2gbkc5dyyw5qfgyi3r-gnugrep-3.4/bin:/ni>
Environment="TZDIR=/nix/store/8cz89zavyrm2bdrgkx4l66s5c7nx12dr-tzdata-2019c/share/zoneinfo"



ExecStart=/nix/store/n9g0apy07zlsb6hnin3dq1d8ihn3m9il-unit-script-mkdir-super-n-e-s-t-e-d-start
ExecStartPost=/nix/store/gg2xcpah1q5jhdr34q4fk64jnsi6k3jm-unit-script-mkdir-super-n-e-s-t-e-d-post-start
RemainAfterExit=true
Type=oneshot
cat /nix/store/gg2xcpah1q5jhdr34q4fk64jnsi6k3jm-unit-script-mkdir-super-n-e-s-t-e-d-post-start
#! /nix/store/hrpvwkjz04s9i4nmli843hyw9z4pwhww-bash-4.4-p23/bin/bash -e
'systemctl' '--wait' 'start' 'post-create-super-n-e-s-t-e-d.service'
'systemctl' '--wait' 'start' 'post-create-as-root-super-n-e-s-t-e-d.service'

gdb

[root@nixos-thinkpad-t530:/etc/nixos/nixpkgs]# gdb systemctl /tmp/core-systemctl.3246.nixos-thinkpad-t530.1702863095
GNU gdb (GDB) 8.3.1
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-unknown-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from systemctl...
(No debugging symbols found in systemctl)
[New LWP 3246]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/nix/store/xg6ilb9g9zhi2zg1dpi4zcp288rhnvns-glibc-2.30/lib/libthread_db.so.1".
Core was generated by `systemctl --wait start post-create-super-n-e-s-t-e-d.service'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x0000000000000000 in ?? ()
(gdb) bt
#0  0x0000000000000000 in ?? ()
#1  0x00007f60f47a15c4 in bus_wait_for_units_clear () from /nix/store/4h6n6r79lhlzwq1wp9ib68n8pnpsz1nv-systemd-243.7/lib/systemd/libsystemd-shared-243.so
#2  0x00007f60f47a1c6e in bus_wait_for_units_free () from /nix/store/4h6n6r79lhlzwq1wp9ib68n8pnpsz1nv-systemd-243.7/lib/systemd/libsystemd-shared-243.so
#3  0x000055c1912dd617 in start_unit ()
#4  0x00007f60f47f4334 in dispatch_verb () from /nix/store/4h6n6r79lhlzwq1wp9ib68n8pnpsz1nv-systemd-243.7/lib/systemd/libsystemd-shared-243.so
#5  0x000055c1912cd4a0 in main ()
(gdb) quit

systemd version

[root@nixos-thinkpad-t530:/etc/nixos/nixpkgs]# systemctl --version
systemd 243 (243)

this service fails: mkdir-super-n-e-s-t-e-d.service

[Unit]
After=local-fs.target
ConditionPathExists=!/super/n/e/s/t/e/d
Description=Create Directory /super/n/e/s/t/e/d

[Service]
Environment="LOCALE_ARCHIVE=/nix/store/jbyaw0r48gxslxczwnjw5371rqj03gn8-glibc-locales-2.30/lib/locale/locale-archive"
Environment="PATH=/nix/store/x0jla3hpxrwz76hy9yckg1iyc9hns81k-coreutils-8.31/bin:/nix/store/97vambzyvpvrd9wgrrw7i7svi0s8vny5-findutils-4.7.0/bin:/nix/store/b0vjq4r4sp9z4l2gbkc5dyyw5qfgyi3r-gnugrep-3.4/bin:/ni>
Environment="TZDIR=/nix/store/8cz89zavyrm2bdrgkx4l66s5c7nx12dr-tzdata-2019c/share/zoneinfo"
ExecStart=/nix/store/n9g0apy07zlsb6hnin3dq1d8ihn3m9il-unit-script-mkdir-super-n-e-s-t-e-d-start
ExecStartPost=/nix/store/gg2xcpah1q5jhdr34q4fk64jnsi6k3jm-unit-script-mkdir-super-n-e-s-t-e-d-post-start
RemainAfterExit=true
Type=oneshot

this fails because:

Dec 23 00:52:04 nixos-thinkpad-t530 systemd[7754]: post-create-super-n-e-s-t-e-d.service: Changing to the requested working directory failed: Permission denied
Dec 23 00:52:04 nixos-thinkpad-t530 systemd[7754]: post-create-super-n-e-s-t-e-d.service: Failed at step CHDIR spawning /nix/store/dk017idhagqsgn6d04kfqxxq2r8vrm05-unit-script-post-create-super-n-e-s-t-e-d-st>-

the script tries this:

su alice
[alice@nixos-thinkpad-t530:/etc/nixos/nixpkgs]$ cd /super/
bash: cd: /super/: Permission denied

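maybe the ACL is not set, or not working, on the parent directories? alice needs search (x) permission on every directory in the path, not only on the leaf, before she can change into /super/n/e/s/t/e/d.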

https://unix.stackexchange.com/questions/747026/how-to-setfacl-on-a-directory-and-all-its-parents

so the call:

'/nix/store/s2ia7q0pfdpckjkiirsad1lasjfmdrkq-setperm.sh' 'd:u::rwx,d:u:alice:rwx,d:g::r-x,d:g:vip:r-x,d:o::r-x,d:m::rwx,u::rwx,u:alice:rwx,g::r-x,g:vip:r-x,o::r-x,m::rwx' 'alice' 'vip' '/super/n/e/s/t/e/d'

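needs to be applied to each parent directory individually. note that this ACL string gives alice rwx and vip/other r-x on every parent, and sets the same entries as default ACLs there; for traversal alone, execute (x) on the parents would be enough.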

so if i run:

rm -Rf /super
systemctl restart mkdir-super-n-e-s-t-e-d.service
'/nix/store/s2ia7q0pfdpckjkiirsad1lasjfmdrkq-setperm.sh' 'd:u::rwx,d:u:alice:rwx,d:g::r-x,d:g:vip:r-x,d:o::r-x,d:m::rwx,u::rwx,u:alice:rwx,g::r-x,g:vip:r-x,o::r-x,m::rwx' 'alice' 'vip' '/super/n/e/s/t/e/'
'/nix/store/s2ia7q0pfdpckjkiirsad1lasjfmdrkq-setperm.sh' 'd:u::rwx,d:u:alice:rwx,d:g::r-x,d:g:vip:r-x,d:o::r-x,d:m::rwx,u::rwx,u:alice:rwx,g::r-x,g:vip:r-x,o::r-x,m::rwx' 'alice' 'vip' '/super/n/e/s/t/'
'/nix/store/s2ia7q0pfdpckjkiirsad1lasjfmdrkq-setperm.sh' 'd:u::rwx,d:u:alice:rwx,d:g::r-x,d:g:vip:r-x,d:o::r-x,d:m::rwx,u::rwx,u:alice:rwx,g::r-x,g:vip:r-x,o::r-x,m::rwx' 'alice' 'vip' '/super/n/e/s/'
'/nix/store/s2ia7q0pfdpckjkiirsad1lasjfmdrkq-setperm.sh' 'd:u::rwx,d:u:alice:rwx,d:g::r-x,d:g:vip:r-x,d:o::r-x,d:m::rwx,u::rwx,u:alice:rwx,g::r-x,g:vip:r-x,o::r-x,m::rwx' 'alice' 'vip' '/super/n/e/'
'/nix/store/s2ia7q0pfdpckjkiirsad1lasjfmdrkq-setperm.sh' 'd:u::rwx,d:u:alice:rwx,d:g::r-x,d:g:vip:r-x,d:o::r-x,d:m::rwx,u::rwx,u:alice:rwx,g::r-x,g:vip:r-x,o::r-x,m::rwx' 'alice' 'vip' '/super/n'
'/nix/store/s2ia7q0pfdpckjkiirsad1lasjfmdrkq-setperm.sh' 'd:u::rwx,d:u:alice:rwx,d:g::r-x,d:g:vip:r-x,d:o::r-x,d:m::rwx,u::rwx,u:alice:rwx,g::r-x,g:vip:r-x,o::r-x,m::rwx' 'alice' 'vip' '/super/n'
systemctl restart post-create-super-n-e-s-t-e-d.service

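no error and the file is created (note: the list above names '/super/n' twice and never '/super' itself, so the last call was presumably meant for '/super'):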

[root@nixos-thinkpad-t530:/]# ls -lathr /super/n/e/s/t/e/d
total 20K
drwxrwxr-x+ 3 alice vip 4.0K Dec 23 01:25 ..
drwxrwxr-x+ 2 alice vip 4.0K Dec 23 01:30 .
-rw-rw-r--+ 1 alice vip    6 Dec 23 01:30 owner.txt

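19.09 fails in a similar way, and 19.03 just creates the directories like this (the parents stay root-owned with mode 0700, and only the leaf gets the owner, group and ACL):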

[root@nixos:~]# ls -la /super/
total 12
drwx------  3 root root 4096 Dec 24 22:20 .
drwxr-xr-x 17 root root 4096 Dec 24 22:20 ..
drwx------  3 root root 4096 Dec 24 22:20 n

[root@nixos:~]# ls -la /super/n/
total 12
drwx------ 3 root root 4096 Dec 24 22:20 .
drwx------ 3 root root 4096 Dec 24 22:20 ..
drwx------ 3 root root 4096 Dec 24 22:20 e

[root@nixos:~]# ls -la /super/n/e/
total 12
drwx------ 3 root root 4096 Dec 24 22:20 .
drwx------ 3 root root 4096 Dec 24 22:20 ..
drwx------ 3 root root 4096 Dec 24 22:20 s

[root@nixos:~]# ls -la /super/n/e/s/
total 12
drwx------ 3 root root 4096 Dec 24 22:20 .
drwx------ 3 root root 4096 Dec 24 22:20 ..
drwx------ 3 root root 4096 Dec 24 22:20 t

[root@nixos:~]# ls -la /super/n/e/s/t/
total 12
drwx------ 3 root root 4096 Dec 24 22:20 .
drwx------ 3 root root 4096 Dec 24 22:20 ..
drwx------ 3 root root 4096 Dec 24 22:20 e

[root@nixos:~]# ls -la /super/n/e/s/t/e/
total 16
drwx------  3 root  root 4096 Dec 24 22:20 .
drwx------  3 root  root 4096 Dec 24 22:20 ..
drwxrwxr-x+ 2 alice vip  4096 Dec 24 22:20 d

[root@nixos:~]# ls -la /super/n/e/s/t/e/d/
total 20
drwxrwxr-x+ 2 alice vip  4096 Dec 24 22:20 .
drwx------  3 root  root 4096 Dec 24 22:20 ..
-rw-rw-r--+ 1 alice vip     6 Dec 24 22:20 owner.txt
-rw-rw-r--+ 1 root  root    5 Dec 24 22:20 root.txt