about summary refs log tree commit diff
path: root/src/libstore
diff options
context:
space:
mode:
Diffstat (limited to 'src/libstore')
-rw-r--r--src/libstore/build.cc15
-rw-r--r--src/libstore/local-store.cc13
-rw-r--r--src/libstore/local-store.hh9
3 files changed, 31 insertions, 6 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index c4ff62891404..7ae0dd4ec459 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -452,12 +452,18 @@ void UserLock::release()
 }
 
 
-static bool amPrivileged()
+bool amPrivileged()
 {
     return geteuid() == 0;
 }
 
 
+bool haveBuildUsers()
+{
+    return querySetting("build-users-group", "") != "";
+}
+
+
 static void killUserWrapped(uid_t uid)
 {
     if (amPrivileged())
@@ -468,7 +474,7 @@ static void killUserWrapped(uid_t uid)
 }
 
 
-static void getOwnership(const Path & path)
+void getOwnership(const Path & path)
 {
     string program = nixLibexecDir + "/nix-setuid-helper";
             
@@ -513,8 +519,7 @@ static void deletePathWrapped(const Path & path)
     /* When using build users and we're not root, we may not have
        sufficient permission to delete the path.  So use the setuid
        helper to change ownership to us. */
-    if (querySetting("build-users-group", "") != ""
-        || !amPrivileged())
+    if (haveBuildUsers() && !amPrivileged())
         getOwnership(path);
     deletePath(path);
 }
@@ -1320,7 +1325,7 @@ void DerivationGoal::startBuilder()
     
     /* If `build-users-group' is not empty, then we have to build as
        one of the members of that group. */
-    if (querySetting("build-users-group", "") != "") {
+    if (haveBuildUsers()) {
         buildUser.acquire();
         assert(buildUser.getUID() != 0);
         assert(buildUser.getGID() != 0);
diff --git a/src/libstore/local-store.cc b/src/libstore/local-store.cc
index 143f093e5bac..237800209714 100644
--- a/src/libstore/local-store.cc
+++ b/src/libstore/local-store.cc
@@ -710,7 +710,18 @@ void deleteFromStore(const Path & _path, unsigned long long & bytesFreed)
     }
     txn.commit();
 
-    deletePath(path, bytesFreed);
+    try {
+        /* First try to delete it ourselves. */
+        deletePath(path, bytesFreed);
+    } catch (SysError & e) {
+        /* If this failed due to a permission error, then try it with
+           the setuid helper. */
+        if (haveBuildUsers() && !amPrivileged()) {
+            getOwnership(path);
+            deletePath(path, bytesFreed);
+        } else
+            throw;
+    }
 }
 
 
diff --git a/src/libstore/local-store.hh b/src/libstore/local-store.hh
index 58bb70d0e4d5..6e2350abef7e 100644
--- a/src/libstore/local-store.hh
+++ b/src/libstore/local-store.hh
@@ -139,6 +139,15 @@ void deleteFromStore(const Path & path, unsigned long long & bytesFreed);
 
 void verifyStore(bool checkContents);
 
+/* Whether we are in build users mode. */
+bool haveBuildUsers();
+
+/* Whether we are root. */
+bool amPrivileged();
+
+/* Recursively change the ownership of `path' to the current uid. */
+void getOwnership(const Path & path);
+
  
 }