[Nix-dev] Re: Irritating warnings for non existing security.setuidPrograms
Ludovic Courtès
ludo at gnu.org
Thu Oct 30 09:57:35 CET 2008
Hi,
"Bas van Dijk" <v.dijk.bas at gmail.com>
writes:
> Hello,
>
> Each time I boot or do a nixos-rebuild I get the following irritating warnings:
>
> WARNING: No executable named `fusermount' was found
> WARNING: but `fusermount' was specified as a setuid program.
> WARNING: No executable named `wodim' was found
> WARNING: but `wodim' was specified as a setuid program.
> WARNING: No executable named `cdrdao' was found
> WARNING: but `cdrdao' was specified as a setuid program.
>
> I see there's a option:
>
> security.setuidPrograms = ["passwd" "su" "crontab" "ping" "ping6"
> "fusermount" "wodim" "cdrdao"];
>
> So I guess there's a script somewhere that tries to set the setuid
> attribute of these executables.
It's more complex: it means that `nixos-rebuild' created "setuid
wrappers" for these programs (which normally end up under
`/var/setuid-wrappers'), but that these programs are actually not
installed. It's an indication that `setuidPrograms' is not properly
set.
Anyway, it should certainly be improved to be detected at
`nixos-rebuild'-time, but I'm not sure how.
Thanks,
Ludo'.
More information about the nix-dev
mailing list