From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id UBNRKND5DF+TUAAA0tVLHw (envelope-from ) for ; Tue, 14 Jul 2020 00:18:24 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id 2I1DJND5DF9QBgAA1q6Kng (envelope-from ) for ; Tue, 14 Jul 2020 00:18:24 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 3B6D294030A for ; Tue, 14 Jul 2020 00:18:23 +0000 (UTC) Received: from localhost ([::1]:55526 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jv8eL-0008Jj-Er for larch@yhetil.org; Mon, 13 Jul 2020 20:18:21 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:41860) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jv8eB-0008JX-Cs for help-guix@gnu.org; Mon, 13 Jul 2020 20:18:11 -0400 Received: from wout2-smtp.messagingengine.com ([64.147.123.25]:40187) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jv8e9-0004Rf-3V for help-guix@gnu.org; Mon, 13 Jul 2020 20:18:11 -0400 Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.west.internal (Postfix) with ESMTP id 4BB57AAB for ; Mon, 13 Jul 2020 20:18:06 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute1.internal (MEProxy); Mon, 13 Jul 2020 20:18:06 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pantherx.org; h= date:from:to:subject:message-id:mime-version:content-type :content-transfer-encoding; s=fm3; bh=9i6Nb68zr9jRsf8aFQs3DTCpt/ FHCp13KZh0gqzUBso=; b=Wliw7uprfKqRymmgSjqtcRhIZKkER2NhLgtEblxLZ3 N+lJiV1IwIU5zJKKdiaLkEeTx0AjSwSJGa599nWXbXVrmW5meVIYnR6bdTxm/gar lAoKYi8wUpuJQ8AHZwkq4OEdVeAWAS1nGEPzEJMbVGHnmRBORkqZ5PGULFXE8duy RA/DGTy1jiI7TGAPuLy76yUYC4+aNn+lsBHMEIESvHuuFK3uionf/U+mKvUfNxAF cJ1R4wX/DRR42zvOGR3T4XQ8+FAdApt3I9GUfWPz7tv41lxqxn441L/Dj0W7mQbi kfscYG90nlwYy/5Ad4TSDst+3dqN2qbidh7eggVEpEZg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:message-id:mime-version:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=9i6Nb6 8zr9jRsf8aFQs3DTCpt/FHCp13KZh0gqzUBso=; b=SDEip7W0KYI/qlCsaXF7c7 TAk5lpYWA1VzH8VPIGJN3a4I2oZMAt+fmvjW8K9+8wMcb2nvY9cXao7OE+UvAEbL ZZCEfNVwh/tJOIi8l7yzRQegPs9wHiKHTvRZVByzNe4i5PmH9EWq059U0xgv1Se/ NSKspWQIcqRJSpaNx6Gs3thY3AfOEgNJLejAJigbwwL/kHthKQ61JI8jAyUu2RpA 7pRO1dCtcu9b431faHWQ6Y5ofINmgaBUMYIdUCqCAkD+h0AQABh9rZeeiUfDj4zx hGylPLbPajsV3pFIhrTlbRDGmwfiJ33dUGVfxcVYS41bjFIk38TbmcBMy7929/Cg == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduiedrvdelgdeftdcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepfffhvffukfhoofggtgfgsehtjeertd ertddvnecuhfhrohhmpeftvgiirgcutehlihiirgguvghhucforghjugcuoehrrdhmrghj ugesphgrnhhthhgvrhigrdhorhhgqeenucggtffrrghtthgvrhhnpeffudefjedvgfejhe dtkeejgfejjeeghedtudevgeevvddtieeltdeiieevtdeiteenucffohhmrghinhepphgr nhhthhgvrhigrdhorhhgnecukfhppedukeehrddvtdelrdduleeirdduieeknecuvehluh hsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheprhdrmhgrjhgusehp rghnthhhvghrgidrohhrgh X-ME-Proxy: Received: from panther-arch.localdomain (unknown [185.209.196.168]) by mail.messagingengine.com (Postfix) with ESMTPA id 39FE93280066 for ; Mon, 13 Jul 2020 20:18:05 -0400 (EDT) Date: Tue, 14 Jul 2020 04:48:09 +0430 From: Reza Alizadeh Majd To: help-guix@gnu.org Subject: set permission/ownership for files generated by service Message-ID: <20200714044809.5ffc4553@panther-arch.localdomain> Organization: PantherX X-Mailer: Claws Mail 3.17.5 (GTK+ 2.24.32; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Received-SPF: pass client-ip=64.147.123.25; envelope-from=r.majd@pantherx.org; helo=wout2-smtp.messagingengine.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/07/13 20:18:06 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: "Help-Guix" X-Scanner: scn0 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=pantherx.org header.s=fm3 header.b=Wliw7upr; dkim=pass header.d=messagingengine.com header.s=fm3 header.b=SDEip7W0; dmarc=none; spf=pass (aspmx1.migadu.com: domain of help-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=help-guix-bounces@gnu.org X-Spam-Score: -1.21 X-TUID: imu2LegC0YWf Hi Guix, I'm working on a custom service for an application, this application use a unix socket for communication, and for security purpose I change the owner group for this socket file and only applications that run by members of this specific group can access to this socket file. running the application manually, everything is OK and socket file is created with desired permissions, but when I try to run this application as a service, I receive permission error during ownership modification. my service definition is as follows: --8<---------------cut here---------------start------------->8--- (define-record-type* kyc-configuration make-kyc-configuration kyc-configuration? (package kyc-configuration-package (default kyc)) (user kyc-configuration-user (default "kyc-service")) (group kyc-configuration-group (default "kyc-service"))) (define %kyc-accounts (list (user-group (name "kyc-service")) (user-group (name "kyc-rpc")) (user-account (name "kyc-service") (group "kyc-service") (system? #f) (supplementary-groups '("wheel" "kyc-rpc" "video")) (comment "KYC service user")))) (define kyc-shepherd-service (match-lambda (($ package user group) (list (shepherd-service (provision '(kyc)) (documentation "Run KYC as a daemon.") (requirement '(networking user-processes)) (modules `((srfi srfi-1) (srfi srfi-26) ,@%default-modules)) (start #~(make-forkexec-constructor (list (string-append #$package "/bin/kyc")) #:user #$user #:group #$group #:environment-variables (list (string-append "PATH=" #$coreutils "/bin:" (getenv "PATH")) (string-append "HOME=" "/home/" #$user)))) (stop #~(make-kill-destructor))))))) (define kyc-service-type (service-type (name 'kyc) (extensions (list (service-extension shepherd-root-service-type kyc-shepherd-service) (service-extension account-service-type (const %kyc-accounts)))) (default-value (kyc-configuration)))) --8<---------------cut here---------------end--------------->8--- is there anything that I missed for this service definition? -- Reza Alizadeh Majd PantherX Team https://www.pantherx.org/