daviwil / dotfiles

[MIRROR] The path to GNUrvana
https://config.daviwil.com
MIT License

Please don't use sudo -E #11

Open SeerLite opened 2 years ago

SeerLite commented 2 years ago

Hi! Thank you very much for this great Guix resource, it's been very useful to get everything set up.

I suggest you stop using sudo -E in your config and examples. It will make the Guile auto-compiler use the user's home directory to write caches for the system.scm (~/.cache). This means these files will be created with the root user.

The bad part is, if ~/.cache/guix or even just ~/.cache don't already exist, these directories will also be created with the root user and be owned and only writeable by them. As you can imagine, this becomes a problem.

EDIT: Try find ~ -user root to list all root-owned files to see what I mean :P

It took me quite a while to understand why guile would complain all the time when trying to run Scheme scripts, and I just realized it's because it was unable to write the compiled code to the cache. Luckily I haven't had problems with other programs, but I think that's because the ~/.cache directory is created by default (or I've just been really lucky).

So, I suggest you stop using it in examples and in your own code too. This is not the first time sudo -E has caused me problems, so I really discourage it. (sudo -E $EDITOR is also a common use, and it's just as harmful! If your editor downloads any plugins or creates any folders inside $HOME, they will have the exact same problem as the Guile compiler above).

Again, thank you for this resource. The use of org-mode (or whatever other emacs magic is involved :s) to make the self-describing files in a nice format is amazing and very easy to follow.
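As an added example (not part of the thread or of the dotfiles repo), the check SeerLite suggests above wrapped into a small POSIX shell audit: list entries under a home directory owned by a given uid (root by default), count them, and print the chown command that would hand them back to the login user. The function and variable names are my own; the `chown` line is only printed, never run.

```shell
#!/bin/sh
# Added example, not from the original thread: audit a home directory for
# files left behind by "sudo -E guix system reconfigure" or "sudo -E $EDITOR",
# i.e. entries owned by root (uid 0) inside a normal user's $HOME.

# Print every path under $1 owned by uid $2 (default 0, root), one per line.
# Permission errors are silenced so the listing stays usable on a mixed tree.
audit_owned_by() {
    dir=$1
    owner=${2:-0}
    find "$dir" -user "$owner" -print 2>/dev/null
}

# Number of such entries, for use in scripts and prompts.
count_owned_by() {
    audit_owned_by "$1" "$2" | wc -l | tr -d ' '
}

# Print (do not run) the remediation: give ~/.cache and ~/.config back to the
# login user. $1 is the user name, $2 the home directory to repair.
suggest_fix() {
    user=${1:-$(id -un)}
    dir=${2:-$HOME}
    printf 'sudo chown -R %s %s/.cache %s/.config\n' "$user" "$dir" "$dir"
}

# Stand-alone use: AUDIT_RUN=1 sh audit.sh  -> lists root-owned paths in $HOME
[ "${AUDIT_RUN:-}" = 1 ] && audit_owned_by "$HOME" 0
```

Run it as the affected user, not under sudo, or the listing itself ends up in a root-owned cache. A clean home prints nothing from `audit_owned_by "$HOME" 0`; anything it does print is a file that `sudo -E` (or `sudo guix pull`) wrote into your tree as root.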

daviwil commented 2 years ago

Thanks! That does sound like it could become a problem but strangely I've never had an issue with it (yet).

What do you use instead of sudo -E for the specific case of guix system reconfigure? I believe the reason I started using it was because Guix wasn't finding something it needed until I dropped my user environment in with -E.

SeerLite commented 2 years ago

sudo guix system reconfigure ~/.config/guix/system.scm without the -E works just fine for me and I've been using it for some time now.

Was it maybe a sudo guix pull? Where you wanted your user's ~/.config/guix/channels.scm but got root's instead? That's the only command I can think of that would use $HOME directly. (And yikes this one seems to also fill ~/.cache and even ~/.config with root owned files).

AFAIK guix pull shouldn't really ever be needed to run as root. Just guix pull with the regular user and then sudo guix system reconfigure.

daviwil commented 2 years ago

Yeah, I never use guix pull with sudo. I think the reason I was using sudo -E was to make sure that my own channel file was being used for reconfiguring the system instead of the root user's channel file. At the time I started using sudo -E, guix time-machine didn't exist, so I should probably use time-machine to consume my own channel file at this point.

emixa-d commented 2 years ago

IIRC from past discussions, the exact behaviour of sudo depends on the distribution you are using and for some the -E is the default or such.

emixa-d commented 2 years ago

Relevant comment from guix/scripts/pull.scm:

;; XXX: Ubuntu's 'sudo' preserves $HOME by default, and thus the second
;; condition below is always false when one runs "sudo guix pull". As a
;; workaround, skip this code when $SUDO_USER is set. See
;; https://bugs.gnu.org/36785.

SeerLite commented 1 year ago

@emixa-d I gotta agree with Ludovic Courtès there regarding it being a bug-like behavior on the part of Ubuntu. IMO this patch/PR still applies, especially since the configuration in this repo is aimed at Guix System, which uses unpatched sudo (unlike Ubuntu, which seems to be the only distro messing with sudo).