Date: Thu, 20 Aug 2020 09:33:51 +0430
From: Reza Alizadeh Majd
To: Julien Lepiller
Subject: Re: Allow to add more than one group for service user
Cc: guix-devel@gnu.org

On Wed, 19 Aug 2020 14:13:43 -0400
Julien Lepiller wrote:

> From what I understand, the generated /etc/group is correct, but
> logging in as kyc-service, even after a reboot, you don't see the
> additional groups?

In order to replicate this issue I had prepared a `test-service` that
provides bash access inside a screen for a test user:

--8<---------------cut here---------------start------------->8---
(use-modules (gnu)
             (gnu system)
             (gnu system shadow)
             (gnu packages admin)
             (gnu packages bash)
             (gnu packages base)
             (gnu packages screen)
             (gnu services shepherd)
             (guix gexp)
             (guix records)
             (ice-9 match))

;; Configuration record: the package that provides /bin/sh for the service.
(define-record-type* <test-configuration>
  test-configuration make-test-configuration
  test-configuration?
  (package test-configuration-package
           (default bash)))

;; Shepherd service: a detached screen session running a shell as user
;; "test", with "users" passed as #:group.
(define test-shepherd-service
  (match-lambda
    (($ <test-configuration> package)
     (list (shepherd-service
            (provision '(test-service))
            (documentation "run a bash instance inside screen")
            (requirement '(user-processes))
            (start #~(make-forkexec-constructor
                      (list (string-append #$screen "/bin/screen")
                            "-D" "-m" "-S" "test-service"
                            (string-append #$package "/bin/sh"))
                      #:user "test"
                      #:group "users"))
            (stop #~(make-kill-destructor)))))))

;; Account "test": primary group "testgrp", supplementary groups
;; "users" and "wheel".
(define (test-accounts config)
  "return the user accounts for test-service"
  (list (user-group (name "testgrp"))
        (user-account
         (name "test")
         (group "testgrp")
         (system? #t)
         (comment "test user")
         (supplementary-groups '("users" "wheel"))
         (home-directory "/home/test"))))

(define test-service-type
  (service-type
   (name 'test-service)
   (extensions
    (list (service-extension shepherd-root-service-type
                             test-shepherd-service)
          (service-extension account-service-type
                             test-accounts)))
   (default-value (test-configuration))))
--8<---------------cut here---------------end--------------->8---

Using the above snippet, I realized that only the group which is set in
the `#:group` parameter of `make-forkexec-constructor` (`users` in this
test) is available to the service.

--8<---------------cut here---------------start------------->8---
root@panther ~# su - test
-bash-5.0$ groups
testgrp users wheel
-bash-5.0$ screen -r test-service
sh-5.0$ groups
users
--8<---------------cut here---------------end--------------->8---

-- 
Reza Alizadeh Majd
PantherX Team
https://www.pantherx.org/
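
The mismatch reported in this message can be checked mechanically by comparing the groups the account database declares for a user with the credentials a running process actually holds. The Python below is an added example, not part of the original message or of Guix or the Shepherd; the `/etc/group` and `/proc/<pid>/status` contents, the GIDs and all function names are constructed for illustration.

```python
# Added example: every file content below is a constructed sample, GIDs are invented.
ETC_GROUP = """\
root:x:0:
users:x:100:test
wheel:x:998:test
testgrp:x:985:
"""
TEST_PRIMARY_GID = 985  # primary group of "test" (testgrp), as /etc/passwd would record it
# /proc/<pid>/status excerpts: a login shell, and the shell started by the service.
STATUS_LOGIN = "Name:\tbash\nUid:\t984\t984\t984\t984\nGid:\t985\t985\t985\t985\nGroups:\t100 985 998 \n"
STATUS_SERVICE = "Name:\tsh\nUid:\t984\t984\t984\t984\nGid:\t100\t100\t100\t100\nGroups:\t\n"

def parse_group(text):
    """Map gid -> (name, members) from /etc/group formatted text."""
    table = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, gid, members = line.split(":", 3)
        table[int(gid)] = (name, {m for m in members.split(",") if m})
    return table

def declared_groups(user, primary_gid, group_text):
    """Groups the account database grants: primary plus supplementary."""
    table = parse_group(group_text)
    names = {name for name, members in table.values() if user in members}
    names.add(table[primary_gid][0])
    return names

def process_groups(status_text, group_text):
    """Groups a process really holds: effective GID plus the Groups: list."""
    table = parse_group(group_text)
    gids = set()
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key == "Gid":
            gids.add(int(value.split()[1]))  # fields: real, effective, saved, fs
        elif key == "Groups":
            gids.update(int(g) for g in value.split())  # may be empty
    return {table[g][0] if g in table else str(g) for g in gids}

def missing_groups(user, primary_gid, status_text, group_text=ETC_GROUP):
    """Declared groups that the running process does not have."""
    return declared_groups(user, primary_gid, group_text) - process_groups(status_text, group_text)

if __name__ == "__main__":
    for label, status in (("login shell", STATUS_LOGIN), ("service", STATUS_SERVICE)):
        print(label, "is missing:", sorted(missing_groups("test", TEST_PRIMARY_GID, status)))
```

On a live system the same comparison would read `/etc/group` and `/proc/<pid>/status` for the service's PID instead of the embedded samples.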