Description
Describe the bug
In 2.30, build-dir now defaults to /nix/var/nix/builds, and a check is added to make sure none of the components are world writable. However, the error message simply says:
error: Path /nix/var/nix/builds or a parent directory is world-writable or a symlink. That's not allowed for security.
I have found three users in the wild running into this error and at a complete loss of what to do to fix this, assuming that it must be a horrible regression with Nix. Turns out:
- Two of them have / mounted as tmpfs but forgot to specify a mode, leaving it as 1777
- Another user is running a non-standard non-NixOS setup which for some reason has / as mode 0777
It turns out even for moderately experienced Linux users it is not entirely obvious how to get the mode of the root directory. ls -l / shows the contents and does not tell you about the permissions on the root dir itself. You have to use ls -la / which shows root as ., or ls -ld which shows the root on its own.
A better message (such as one pointing out the path and permissions of the exact problematic path) would help users of Nix 2.30 better understand what is wrong.
Steps To Reproduce
- Accidentally mount tmpfs as root without specifying mode=0755, so the mode defaults to 1777
- Try to use Nix basically
Expected behavior
Some useful error message pointing to the fact that / has an insecure mode
Metadata
Nix >= 2.30
Additional context
Checklist
- checked latest Nix manual (source)
- checked open bug issues and pull requests for possible duplicates
Add 👍 to issues you find important.
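The per-component report this issue asks for, as an added example (not code from the issue or from Nix): it walks from / down to the build directory with lstat and prints each component's mode, flagging the two conditions the error message names. The name audit_path and the flagging rule (any other-write bit, sticky or not, or a symlink) are assumptions of this example, not Nix's implementation.

```python
import os
import stat
import sys


def audit_path(path):
    """Return (component, mode, problem) for / and every component of path.

    problem is "symlink", "world-writable", a "cannot stat: ..." string, or None.
    lstat is used so a symlink is reported as itself, not as its target.
    """
    path = os.path.abspath(path)  # normalises the path without resolving symlinks
    components = [os.sep]
    current = os.sep
    for part in path.split(os.sep):
        if part:
            current = os.path.join(current, part)
            components.append(current)

    results = []
    for comp in components:
        try:
            st = os.lstat(comp)
        except OSError as e:
            # Nothing below a component we cannot stat can be inspected either.
            results.append((comp, "-", f"cannot stat: {e.strerror}"))
            break
        mode = stat.S_IMODE(st.st_mode)
        if stat.S_ISLNK(st.st_mode):
            problem = "symlink"
        elif mode & stat.S_IWOTH:  # assumption: 1777 counts, as reported in this issue
            problem = "world-writable"
        else:
            problem = None
        results.append((comp, format(mode, "04o"), problem))
    return results


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/nix/var/nix/builds"
    for comp, mode, problem in audit_path(target):
        print(f"{mode:>4}  {comp}" + (f"   <-- {problem}" if problem else ""))
```

Run with no argument it inspects /nix/var/nix/builds; the first output line is / itself, which is the component `ls -l /` does not show.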