ln: failed to create symbolic link ... permission denied

[NotAShelf]

I believe a (possibly not so) recent nix update might've changed the way nix handles gcroots, resulting in an error as such:

ln: failed to create symbolic link '/nix/var/nix/gcroots/per-user/notashelf/home-notashelf-.config-nixos-.direnv-flake--inputs--qc0hlbslqp2z01y8xslis7dacpyl9s1a--source': Permission denied
ln: failed to create symbolic link '/nix/var/nix/gcroots/per-user/notashelf/home-notashelf-.config-nixos-.direnv-flake--inputs--qqkny0yswva9z821d7yxizxr5bnnyabl--source': Permission denied
ln: failed to create symbolic link '/nix/var/nix/gcroots/per-user/notashelf/home-notashelf-.config-nixos-.direnv-flake--inputs--a826l87xg0230ispkyv0rbia8hxxhsa7--source': Permission denied
ln: failed to create symbolic link '/nix/var/nix/gcroots/per-user/notashelf/home-notashelf-.config-nixos-.direnv-flake--inputs--wv2ygydpa6bs3nff1k3zgx7n8fizq7gp--source': Permission denied
ln: failed to create symbolic link '/nix/var/nix/gcroots/per-user/notashelf/home-notashelf-.config-nixos-.direnv-flake--inputs--wjkj3s8pdhbqrci79yc4hig2hh911jc4--source': Permission denied
ln: failed to create symbolic link '/nix/var/nix/gcroots/per-user/notashelf/home-notashelf-.config-nixos-.direnv-flake--inputs--2i8zqmz2cqa0grjagw94z7g47199db9k--source': Permission denied
ln: failed to create symbolic link '/nix/var/nix/gcroots/per-user/notashelf/home-notashelf-.config-nixos-.direnv-flake--inputs--2s91anp0jisx64kzzlb830w0ibgi4whr--source': Permission denied
ln: failed to create symbolic link '/nix/var/nix/gcroots/per-user/notashelf/home-notashelf-.config-nixos-.direnv-flake--inputs--gm6pmxzzsw0aqfkvqhl04zcsj6khip5z--source': Permission denied
ln: failed to create symbolic link '/nix/var/nix/gcroots/per-user/notashelf/home-notashelf-.config-nixos-.direnv-flake--inputs--9rcwxb0s8m8sgr5bh8lpkbddkm9w345j--source': Permission denied
...

I'm not sure what exactly is wrong, a setup that used to work now throws this on each direnv init/reload/enter

[bbenne10]

What version of nix?
What version of nix-direnv?

What are the permissions on /nix/var/nix/gcroots/per-user/notashelf/home-notashelf-.config-nixos-.direnv-flake--inputs--9rcwxb0s8m8sgr5bh8lpkbddkm9w345j--source itself (and the parent)?

I am afraid that there's not much we can do to help without more information.

We are aware that there's a change to nix 2.14 that will cause issue (moving the user gcroot dir to $HOME will necessitate changes to our gcroot creation logic), but I have not had time to get around to working on #311 yet. Discussion is on going. If you're using 2.14, we'd love some help there.

[NotAShelf]

You're right, I should've provided some info.

The generic nix-meta:

$ nix-shell -p nix-info --run "nix-info -m"
 - system: `"x86_64-linux"`
 - host os: `Linux 6.2.9, NixOS, 23.05 (Stoat), 23.05.20230403.53dad94`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.14.1`
 - nixpkgs: `/nix/store/5i6bi3yx11vjkm63vmkms3gs22nvi78r-source`

I enable nix-direnv using programs.nix-direnv, so I believe the version is the same as the nixpkgs one: 2.2.1
The /nix/var/nix/gcroots/per-user/notashelf/home-notashelf-.config-nixos-.direnv-flake--inputs--9rcwxb0s8m8sgr5bh8lpkbddkm9w345j--source directory cannot be created (likely due to the permission issue), but the parent (/nix/var/nix/gcroots/per-user/notashelf) is mode 0755.

If there's anything else you'd like me to provide, please do let me know.

[bbenne10]

What is the owner of /nix/var/nix/gcroots/per-user/notashelf?
For now, I am inclined to say that we simply haven't done enough testing against the 2.14 release of nix to support it, given the breaking changes it introduces to the behaviors we depend on.
However, we obviously want to support it and we're running close to the stabilization timeline of 2.14, so more testing is coming.
If you wouldn't mind, would you be able to try out #311?
I think the problems with that PR are with our testing framework rather than in the actual code (though there may definitely be problems remaining in the implementation). It may work for you, but we still need to get those tests passing.

[NotAShelf]

/nix/var/nix/gcroots/per-user/notashelf

this directory was not actually generated automatically - I made it myself with sudo mkdir -p and is owned by root

If you wouldn't mind, would you be able to try out #311?

I would be delighted to. But I use the nixos module for nix-direnv, guess that would take a nixpkgs fork where the module is updated to use that package?

[bbenne10]

I made it myself with sudo mkdir -p and is owned by root

If the permissions are 0755 and the directory is owned by root, there's your problem. Root is the only user that has write permissions in that directory. Mine is 0755 and is owned by my user. I'm not sure why you created it, but change the owner to notashelf and this error should go away.

guess that would take a nixpkgs fork where the module is updated to use that package?

There is s no need for using a nixpkgs fork. You can do something like this commit (but in reverse) if you use a system flake: bbenne10/nix@d40bb5c

Or you can use the source_url to retrieve https://raw.githubusercontent.com/amarshall/nix-direnv/nix-2.14-state-dir/direnvrc (which is the HEAD of that fork's merge branch). I don't have the sha256 right now, but it should be pretty trivial to calculate. See the README in this repo for help using source_url (but change the url!)

[NotAShelf]

If the permissions are 0755 and the directory is owned by root, there's your problem. Root is the only user that has write permissions in that directory. Mine is 0755 and is owned by my user. I'm not sure why you created it, but change the owner to notashelf and this error should go away.

before having created the directory, it would fail because the directory is missing - which is equally undesirable imo

[bbenne10]

Please excuse my terseness, but this is what happens with an unstable nix build - you get unstable behavior and encounter bugs. We haven't yet completely resolved the behavior in nix 2.14. The PR I am pointing you at attempts to resolve that behavior, but isn't completely ready for merge yet. If you have trouble with that PR, you can either try and resolve the issue itself (and thus contributing to the PR - even if indirectly) or you can roll back to a 2.13 version of nix.

[NotAShelf]

Completely understandable. I apologize if my responses have come out as fractious or accusive. I'll be happy to help resolve the issue as nix-direnv is invaluable to my workflow.

[bbenne10]

I'm just glad to have another set of eyes on the problem. I've gotten exceedingly busy outside of work as of late (preparing for the birth of our second child) and have not had a lot of time to dedicate to outside projects.

I am going to leave this open for the moment, as it is - in fact - a problem with our software. I just don't quite yet know how to resolve it meaningfully without the work in #311. We'll continue discussion there.

[bbenne10]

Given that I just merged #311, I think we should see that this is resolved.
You'll get gcroots in wherever nix is supposed to create gcroots.
In Nix 2.14+, this will be in $XDG_DATA_DIR/nix/gcroots provided that the old path (/nix/var/nix/{profiles,gcroots}/per-user/$USER)does not exist.

If you continue to have trouble - please open a new issue. Thanks!