/run/user/$UID has 0755 access permissions by default

[e-nikolov]

Bug description

On regular NixOS and other distributions /run/user/$UID has 0700 access permissions but on NixOS-WSL it has 0755. This causes problems for some programs like 1password's CLI op which produces an error like: XDG_RUNTIME_DIR file permissions too open, refusing to use

This might be a WSL issue since Ubuntu on WSL also has it set to 0755. Also manually changing the permissions via chmod only lasts until reboot. Is there a way to automatically set the permissions in NixOS-WSL?

[SuperSandro2000]

IIRC this is intended, see NixOS/nixpkgs@03e79e9

[e-nikolov]

This commit is from a PR that isn't merged yet and it discusses /run/dbus, not /run/user/$UID.

On my purely NixOS system I have these permissions:

❯ stat -c %a /run/user/1000
700
❯ stat -c %a /run/user
755
❯ stat -c %a /run/dbus
755

While on my NixOS-WSL system I have these:

❯ stat -c %a /run/user/1000
755
❯ stat -c %a /run/user
755
❯ stat -c %a /run/dbus
755

[aidan-mundy]

FWIW, this is also the case on the default Ubuntu WSL image, and is also causing issues for me with 1password

[e-nikolov]

Initially I had a service to fix the permissions when 1Password starts up inside WSL:

  systemd.user.services = {
    _1password_gui_autostart = {
      Unit = { Description = "1Password GUI Autostart"; };

      Service = {
        Environment = "DISPLAY=:0";
        ExecStartPre = "${pkgs.coreutils-full}/bin/chmod 700 /run/user/1000";
        ExecStart = "${pkgs._1password-gui}/bin/1password";
        Restart = "always";
      };
      Install.WantedBy = [ "default.target" ];
    };
  };

But eventually, it made more sense to configure WSL to use the Windows version of 1Password so that I don't have to run 2 instances:

{ config, pkgs, lib, ... }: {
  programs.git.extraConfig.gpg.ssh.program = "op-ssh-sign-wsl";
  programs.git.extraConfig.core.sshCommand = "ssh.exe";
  home.shellAliases = {
    ssh = "ssh.exe ";
    op = "op.exe";
  };
}