Re: User group during build process

2022-07-24 Thread Tobias Geerinckx-Rice
Hiya,

On 24 July 2022 19:17:29 UTC, Maya wrote:
> shouldn’t opensmtpd-service-type already extend setuid-program-service-type 
> with appropriate setuids?

A matter of taste (I disagree with your characterisation 'useless'!), but I 
certainly wouldn't mind.  Plenty of services do this for convenience nowadays.

You seem to be familiar with the mechanisms needed; would you like to propose a 
patch?

Kind regards,

T G-R

Sent on the go.  Excuse or enjoy my brevity.
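
What extending setuid-program-service-type could look like from a user's own configuration, as an added example that is not part of any message in this thread and is not Guix's opensmtpd code. The names %smtpq-programs, smtpq-setgid-program and opensmtpd-setgid-service are hypothetical; the program paths and the "smtpq" group are the ones used in the thread.

```scheme
;; Added example: not from the thread, not Guix's opensmtpd-service-type.
(use-modules (gnu)
             (gnu system setuid)    ; the setuid-program record
             (gnu packages mail))   ; the opensmtpd package

;; Programs to install setgid.  The names are those in Felix Lechner's
;; snippet in this thread; trim the list to what you actually need.
(define %smtpq-programs               ; hypothetical name
  '("smtpctl" "sendmail" "send-mail" "makemap" "mailq" "newaliases"))

;; Build one record per program: setgid to "smtpq", never setuid, so the
;; program gains only the group's access to the mail queue.
(define (smtpq-setgid-program name)   ; hypothetical helper
  (setuid-program
   (program (file-append opensmtpd "/sbin/" name))
   (setuid? #false)
   (setgid? #true)
   (group "smtpq")))

;; Extend setuid-program-service-type instead of editing the
;; operating-system's setuid-programs field directly.
(define opensmtpd-setgid-service      ; hypothetical name
  (simple-service 'opensmtpd-setgid-programs
                  setuid-program-service-type
                  (map smtpq-setgid-program %smtpq-programs)))
```

Add opensmtpd-setgid-service to the services field of the operating-system declaration, next to the opensmtpd service that is assumed here to create the "smtpq" group.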



Re: User group during build process

2022-07-24 Thread Maya
Hi!

Thank you both for the responses. Although I wanted to ask you, can I use the 
setuid-program-service-type?

If yes, shouldn’t opensmtpd-service-type already extend 
setuid-program-service-type with appropriate setuids? As it right now renders 
smtpctl unusable.

With all the best wishes,
Maya


Re: User group during build process

2022-07-24 Thread Development of GNU Guix and the GNU System distribution.
Hi,

On Sun, Jul 24, 2022 at 7:14 AM Tobias Geerinckx-Rice wrote:
>
> The correct way to make smtpctl setgid is to use Guix System's 
> setuid-programs field, and use (setgid? #t) (group "smtpq") for smtpctl.

In line with TGR's recommendation, the snippet below works locally.

Kind regards
Felix Lechner

* * *

  (setuid-programs
   (append (list

            (setuid-program
             (program (file-append opensmtpd "/sbin/smtpctl"))
             (setuid? #false)
             (setgid? #true)
             (group "smtpq"))

            (setuid-program
             (program (file-append opensmtpd "/sbin/sendmail"))
             (setuid? #false)
             (setgid? #true)
             (group "smtpq"))

            (setuid-program
             (program (file-append opensmtpd "/sbin/send-mail"))
             (setuid? #false)
             (setgid? #true)
             (group "smtpq"))

            (setuid-program
             (program (file-append opensmtpd "/sbin/makemap"))
             (setuid? #false)
             (setgid? #true)
             (group "smtpq"))

            (setuid-program
             (program (file-append opensmtpd "/sbin/mailq"))
             (setuid? #false)
             (setgid? #true)
             (group "smtpq"))

            (setuid-program
             (program (file-append opensmtpd "/sbin/newaliases"))
             (setuid? #false)
             (setgid? #true)
             (group "smtpq")))

           %setuid-programs))



Re: User group during build process

2022-07-24 Thread Tobias Geerinckx-Rice
Hi Maya!

So... You cannot change group ownership in the store.  There are no additional 
user groups in the build environment.  The chgrp failing is by design ('it's a 
feature, not a bug'), and there's no way to subvert this.  The group is not 
required during the build process.

The correct way to make smtpctl setgid is to use Guix System's setuid-programs 
field, and use (setgid? #t) (group "smtpq") for smtpctl.

Kind regards,

T G-R

Sent on the go.  Excuse or enjoy my brevity.