flox icon indicating copy to clipboard operation
flox copied to clipboard
verified publisher icon flox

Using activate with sudo breaks later activations without sudo

Open mkenigs opened this issue 8 months ago • 4 comments

See details in https://flox-dev.slack.com/archives/C05P6A5J6U8/p1745950722575169?thread_ts=1745950512.156669&cid=C05P6A5J6U8

Sounds like

sudo flox activate
flox activate

results in

Error: Permission denied (os error 13)

This appears to have been caused by root owning .cache/flox/run/fa51161e/activations.json

mkenigs avatar Apr 30 '25 18:04 mkenigs

We're treating ~/.cache/flox/run as XDG_RUNTIME_DIR, which per XDG spec: The directory MUST be owned by the user, and they MUST be the only one having read and write access to it. Its Unix access mode MUST be 0700

We may need to check how we're determining the directory when running as root

mkenigs avatar Apr 30 '25 18:04 mkenigs

We may need to check how we're determining the directory when running as root

It's not just root - root is just the user that has the power to corrupt the cache, while all others will see a failure. In general we'll need to use geteuid() to identify the effective UID as part of deciding where to put these files.

limeytexan avatar May 01 '25 13:05 limeytexan

We should verify whether we still need to reset USER and HOME at the same time after https://github.com/flox/flox/pull/3191

dcarley avatar Jun 05 '25 14:06 dcarley

Running into this when trying to set up Flox inside containers for background agents. The agent operates everything as the default user (ubuntu in this case), however because it's in a container the Flox environment needs to be built as root, and so we're currently unable to use flox for this purpose.

sciyoshi avatar Sep 03 '25 16:09 sciyoshi

Occurrence from the wild: https://flox-dev.sentry.io/issues/7034292544/?project=4506548241825792

dcarley avatar Nov 17 '25 14:11 dcarley