[bug#48314] [PATCH v5] Install guix system on Raspberry Pi

[Maxime Devos]

phodina schreef op do 14-04-2022 om 13:03 [+0000]:
> ~$ ssh pi@192.168.1.181
> Last login: Thu Apr 14 14:52:56 2022 from 192.168.1.224
> Could not chdir to home directory /home/pi: Permission denied
> -bash: /home/pi/.bash_profile: Permission denied
> -bash-5.1$ id -u
> 1002
> -bash-5.1$ id -gn
> users
> -bash-5.1$ sudo -E 
> /gnu/store/ja92d7xpmyh94gm6n83bajx9dy4h6pbl-bash-5.1.8/bin/bash
> root@raspberrypi-guix /# ls -al /home/pi
> total 40
> drwx------ 4 1000 users 4096 Nov 24 08:16 ./

You are logging in as 1002.  /home/pi is owned by ‘1000’.  Is this
difference intentional?

Maybe you have added two users, but with the home directory?
(guesswork).

> As you can see the execute bit is missing. Therefore running

The user has the read-write-execute bits, the group and other don't.

> chmod +x /home/pi/
>
> fixed the problem. But I'm unsure why the home dir was created
> without the those flags.

I'm not on Guix System at the moment, so I cannot tell what the usual
behaviour is, but why wouldn't the home directory be non-group-
executable and non-other executable? 

Unless you want to share the contents of your home to other users on
the system, or if you have a web server that looks for
http://.../~pi/index.html in /home/pi/web/index.html or the like,
restricting readability, writability and executability to the actual
‘owner’ of the directory seems good security practice to me.

Usually, AFAICT, all that's needed is for $HOME to be user-readable,
writable and executable.

(/me quickly does "chmod go-rwx $HOME")

Greetings,
Maxime.

signature.asc
Description: This is a digitally signed message part