From: Felix Lechner via "Development of GNU Guix and the GNU System distribution."
Reply-to: Felix Lechner
To: Maya
Cc: "guix-devel@gnu.org"
Subject: Re: User group during build process
Date: Sun, 24 Jul 2022 09:19:42 -0700
In-Reply-To: <3216B1FC-8597-4D68-B4C0-BD5F67E86F53@tobias.gr>

Hi,

On Sun, Jul 24, 2022 at 7:14 AM Tobias Geerinckx-Rice wrote:
>
> The correct way to make smtpctl setgid is to use Guix System's setuid-programs field, and use (setgid? #t) (group "smtpq") for smtpctl.

In line with TGR's recommendation, the snippet below works locally.

Kind regards
Felix Lechner

* * *

(setuid-programs
 (append (list (setuid-program
                (program (file-append opensmtpd "/sbin/smtpctl"))
                (setuid? #false)
                (setgid? #true)
                (group "smtpq"))
               (setuid-program
                (program (file-append opensmtpd "/sbin/sendmail"))
                (setuid? #false)
                (setgid? #true)
                (group "smtpq"))
               (setuid-program
                (program (file-append opensmtpd "/sbin/send-mail"))
                (setuid? #false)
                (setgid? #true)
                (group "smtpq"))
               (setuid-program
                (program (file-append opensmtpd "/sbin/makemap"))
                (setuid? #false)
                (setgid? #true)
                (group "smtpq"))
               (setuid-program
                (program (file-append opensmtpd "/sbin/mailq"))
                (setuid? #false)
                (setgid? #true)
                (group "smtpq"))
               (setuid-program
                (program (file-append opensmtpd "/sbin/newaliases"))
                (setuid? #false)
                (setgid? #true)
                (group "smtpq")))
         %setuid-programs))
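
A check for the outcome of the configuration above, added here as an example and not part of the original message: after reconfiguring, confirm that each installed program is setgid to the intended group and carries no setuid bit. The function name is hypothetical, GNU stat is assumed, and the install directory is passed as a parameter because its location (/run/setuid-programs in the usage comment) is an assumption about the running system.

```shell
#!/bin/sh
# Added example (not from the original message).
# check_setgid_only DIR GROUP NAME...
#   Prints one line per deviation and returns the number of deviations,
#   so a return status of 0 means every program matches the declared
#   (setuid? #false) (setgid? #true) (group GROUP) settings.
check_setgid_only() {
    dir=$1
    want_group=$2
    shift 2
    bad=0
    for name in "$@"; do
        f="$dir/$name"
        if [ ! -e "$f" ]; then
            echo "MISSING  $f"
            bad=$((bad + 1))
            continue
        fi
        # -u: setuid bit is set; the configuration asks for it to be clear.
        if [ -u "$f" ]; then
            echo "SETUID   $f (expected setuid? #false)"
            bad=$((bad + 1))
        fi
        # -g: setgid bit is set; the configuration asks for it to be set.
        if [ ! -g "$f" ]; then
            echo "NOSETGID $f (expected setgid? #true)"
            bad=$((bad + 1))
        fi
        # The setgid bit only grants what the owning group can access,
        # so the group has to be the intended one.
        grp=$(stat -c %G "$f")
        if [ "$grp" != "$want_group" ]; then
            echo "GROUP    $f is $grp, expected $want_group"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Usage on the machine being checked (directory is an assumption):
#   check_setgid_only /run/setuid-programs smtpq \
#       smtpctl sendmail send-mail makemap mailq newaliases
```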