Date: Tue, 14 Jul 2020 04:48:09 +0430
From: Reza Alizadeh Majd <r.majd@pantherx.org>
To: help-guix@gnu.org
Subject: set permission/ownership for files generated by service
Message-ID: <20200714044809.5ffc4553@panther-arch.localdomain>
Organization: PantherX
X-Mailer: Claws Mail 3.17.5 (GTK+ 2.24.32; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
List-Id: <help-guix.gnu.org>
List-Archive: <https://lists.gnu.org/archive/html/help-guix>

Hi Guix, 

I'm working on a custom service for an application. This application
uses a Unix socket for communication, and for security purposes I change
the owner group of this socket file, and only applications that are run by
members of this specific group can access this socket file.

Running the application manually, everything is OK and the socket file is
created with the desired permissions, but when I try to run this
application as a service, I receive a permission error during ownership
modification.

My service definition is as follows:


--8<---------------cut here---------------start------------->8---
(define-record-type* <kyc-configuration>
  kyc-configuration make-kyc-configuration
  kyc-configuration?
  (package kyc-configuration-package
           (default kyc))
  (user kyc-configuration-user
        (default "kyc-service"))
  (group kyc-configuration-group
         (default "kyc-service")))

(define %kyc-accounts
  (list (user-group (name "kyc-service"))
        (user-group (name "kyc-rpc"))
        (user-account
          (name "kyc-service")
          (group "kyc-service")
          (system? #f)
          (supplementary-groups '("wheel" "kyc-rpc" "video"))
          (comment "KYC service user"))))

(define kyc-shepherd-service
  (match-lambda
    (($ <kyc-configuration> package user group)
      (list (shepherd-service
              (provision '(kyc))
              (documentation "Run KYC as a daemon.")
              (requirement '(networking user-processes))
              (modules `((srfi srfi-1)
                         (srfi srfi-26)
                         ,@%default-modules))
              (start #~(make-forkexec-constructor
                        (list
                         (string-append #$package "/bin/kyc"))
                        #:user #$user
                        #:group #$group
                        #:environment-variables
                        (list (string-append "PATH=" #$coreutils "/bin:" (getenv "PATH"))
                              (string-append "HOME=" "/home/" #$user))))
              (stop #~(make-kill-destructor)))))))

(define kyc-service-type
  (service-type
    (name 'kyc)
    (extensions (list (service-extension shepherd-root-service-type
                                         kyc-shepherd-service)
                      (service-extension account-service-type
                                         (const %kyc-accounts))))
    (default-value (kyc-configuration))))

--8<---------------cut here---------------end--------------->8---

Is there anything that I missed in this service definition?

-- 
Reza Alizadeh Majd
PantherX Team
https://www.pantherx.org/
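
The socket pattern described in the message, as an added example that is not part of the original post or of the kyc application: a daemon binds a Unix socket, hands it to one group, and first checks the POSIX rule that an unprivileged owner may only change a file's group to one the running process itself belongs to. The helper names `can_chgrp`, `bind_group_socket` and `demo` are hypothetical, and the example assumes the daemon performs the group change itself.

```python
import os
import socket
import stat
import tempfile

# Hypothetical helpers for illustration; not code from the kyc application.


def can_chgrp(target_gid, euid, egid, supplementary):
    """POSIX chown(2) rule for a file the caller owns: root may pick any
    group; anyone else only a group the process itself belongs to."""
    return euid == 0 or target_gid == egid or target_gid in supplementary


def bind_group_socket(path, gid, mode=0o660):
    """Bind a Unix socket and restrict it to its owner plus one group."""
    if not can_chgrp(gid, os.geteuid(), os.getegid(), os.getgroups()):
        # Report the credentials the process really has, which may differ
        # from what the account database says about the user.
        raise PermissionError(
            f"gid {gid} is not among this process's groups "
            f"(egid={os.getegid()}, supplementary={os.getgroups()})")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old_umask = os.umask(0o177)  # socket is created 0600, never wider
    try:
        srv.bind(path)
    except OSError:
        srv.close()
        raise
    finally:
        os.umask(old_umask)
    os.chown(path, -1, gid)      # -1 leaves the owner unchanged
    os.chmod(path, mode)         # open to the group only after the chown
    return srv


def demo():
    """Constructed run: the process's own primary group is the target."""
    gid = os.getegid()
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "rpc.sock")
        srv = bind_group_socket(path, gid)
        st = os.stat(path)
        srv.close()
        return stat.S_ISSOCK(st.st_mode), stat.S_IMODE(st.st_mode), st.st_gid == gid
```

Running the same check from inside the service's environment shows which groups the daemon process actually holds at the moment it attempts the ownership change.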