Hi,

I have been setting up a mail server on my guix machine and I have found a bug. The smtpctl command from the opensmtpd package needs to be owned by the smtpq group. The problem is that this group is added by opensmtp-service, but it is required during the build process, as can be seen here: http://ci.guix.gnu.org/build/748270/log/raw (search for chgrp).

I write to you since I'm not sure how to fix it idiomatically. Here are my solutions:

a) smtpq can be a system group that exists on all guix machines
b) smtpq will get a static gid, the build process will create a dummy group with that gid, chgrp the file to that group and the opensmtp-service-type will create user-group smtpq with that static gid (I don't know if there's an index of reserved guix gids)
c) patch the upstream opensmtpd

With all the best,
Maya
Hi Maya!

So... You cannot change group ownership in the store. There are no additional user groups in the build environment. The chgrp failing is by design ('it's a feature, not a bug'), and there's no way to subvert this.

The group is not required during the build process.

The correct way to make smtpctl setgid is to use Guix System's setuid-programs field, and use (setgid? #t) (group "smtpq") for smtpctl.

Kind regards,

T G-R

Sent on the go. Excuse or enjoy my brevity.
Hi,
On Sun, Jul 24, 2022 at 7:14 AM Tobias Geerinckx-Rice <me@tobias.gr> wrote:
>
> The correct way to make smtpctl setgid is to use Guix System's setuid-programs field, and use (setgid? #t) (group "smtpq") for smtpctl.
In line with TGR's recommendation, the snippet below works locally.
Kind regards
Felix Lechner
* * *
;; Field of the operating-system declaration: install the OpenSMTPD
;; entry points setgid smtpq, in addition to the default %setuid-programs.
(setuid-programs
 (append (list
          (setuid-program
           (program (file-append opensmtpd "/sbin/smtpctl"))
           (setuid? #false)
           (setgid? #true)
           (group "smtpq"))
          (setuid-program
           (program (file-append opensmtpd "/sbin/sendmail"))
           (setuid? #false)
           (setgid? #true)
           (group "smtpq"))
          (setuid-program
           (program (file-append opensmtpd "/sbin/send-mail"))
           (setuid? #false)
           (setgid? #true)
           (group "smtpq"))
          (setuid-program
           (program (file-append opensmtpd "/sbin/makemap"))
           (setuid? #false)
           (setgid? #true)
           (group "smtpq"))
          (setuid-program
           (program (file-append opensmtpd "/sbin/mailq"))
           (setuid? #false)
           (setgid? #true)
           (group "smtpq"))
          (setuid-program
           (program (file-append opensmtpd "/sbin/newaliases"))
           (setuid? #false)
           (setgid? #true)
           (group "smtpq")))
         %setuid-programs))
Hi!

Thank you both for the responses. Although I wanted to ask you, can I use the setuid-program-service-type? If yes, shouldn't opensmtpd-service-type already extend setuid-program-service-type with appropriate setuids? As it right now renders smtpctl unusable.

With all the best wishes,
Maya
Hiya,
On 24 July 2022 19:17:29 UTC, Maya <maya.omase@protonmail.com> wrote:
> shouldn’t opensmtpd-service-type already extend setuid-program-service-type with appropriate setuids?
A matter of taste (I disagree with your characterisation 'useless'!), but I certainly wouldn't mind. Plenty of services do this for convenience nowadays.
You seem to be familiar with the mechanisms needed; would you like to propose a patch?
Kind regards,
T G-R
Sent on the go. Excuse or enjoy my brevity.
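
The service-extension form asked about in this thread, written as an added example that is not part of the original messages and not Guix's own code. The names `%smtpq-entry-points`, `smtpq-setgid-program`, `opensmtpd-setgid-service` and the service name `'opensmtpd-setgid` are hypothetical; it assumes the smtpq group is created by the OpenSMTPD service, as stated in the first message.

```scheme
;; Added example: extend setuid-program-service-type instead of editing
;; the operating-system's setuid-programs field directly.
(use-modules (gnu)
             (gnu system setuid)     ; setuid-program record
             (gnu packages mail)     ; opensmtpd
             (guix gexp))            ; file-append

;; The entry points listed in the snippet earlier in the thread.
(define %smtpq-entry-points
  '("smtpctl" "sendmail" "send-mail" "makemap" "mailq" "newaliases"))

;; Build one setgid (not setuid) entry owned by group smtpq.
;; The store copy stays unprivileged; only the copy Guix System
;; installs outside the store carries the setgid bit.
(define (smtpq-setgid-program name)
  (setuid-program
   (program (file-append opensmtpd "/sbin/" name))
   (setuid? #false)
   (setgid? #true)
   (group "smtpq")))

;; A service whose only job is to contribute the entries above to
;; setuid-program-service-type.  Add it to the `services' field of the
;; operating-system declaration next to the OpenSMTPD service, which is
;; assumed to provide the smtpq group.
(define opensmtpd-setgid-service
  (simple-service 'opensmtpd-setgid
                  setuid-program-service-type
                  (map smtpq-setgid-program %smtpq-entry-points)))
```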