From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <help-guix-bounces+larch=yhetil.org@gnu.org>
Received: from mp1 ([2001:41d0:2:4a6f::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms11 with LMTPS
	id yLp2Li2iDV8+NAAA0tVLHw
	(envelope-from <help-guix-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Tue, 14 Jul 2020 12:16:45 +0000
Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp1 with LMTPS
	id cMc0Ki2iDV8kIAAAbx9fmQ
	(envelope-from <help-guix-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Tue, 14 Jul 2020 12:16:45 +0000
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id C27919403C9
	for <larch@yhetil.org>; Tue, 14 Jul 2020 12:16:44 +0000 (UTC)
Received: from localhost ([::1]:55680 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <help-guix-bounces+larch=yhetil.org@gnu.org>)
	id 1jvJrW-0002fI-Cn
	for larch@yhetil.org; Tue, 14 Jul 2020 08:16:42 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:36156)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <r.majd@pantherx.org>)
 id 1jvJrO-0002f8-Oi
 for help-guix@gnu.org; Tue, 14 Jul 2020 08:16:34 -0400
Received: from out3-smtp.messagingengine.com ([66.111.4.27]:38233)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <r.majd@pantherx.org>)
 id 1jvJrM-0006Sg-SG
 for help-guix@gnu.org; Tue, 14 Jul 2020 08:16:34 -0400
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41])
 by mailout.nyi.internal (Postfix) with ESMTP id 3AF0A5C00B1;
 Tue, 14 Jul 2020 08:16:31 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
 by compute1.internal (MEProxy); Tue, 14 Jul 2020 08:16:31 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pantherx.org; h=
 date:from:to:cc:subject:message-id:in-reply-to:references
 :mime-version:content-type:content-transfer-encoding; s=fm3; bh=
 /LRiO7soESHo2WfdNBzbRxIrW2HUffy/OPSZxlzW5Hk=; b=kMCf/btjh9VLxamY
 KlTlBT9t3GXCn5PZtSLEK80Bx4oj7ro3TkNNHVIteX/QWpzIYLMHmB743RYsLQR/
 llXAFWBLpY447ea6BRAyv3MOZF9et11SMBi9zsS8ZrQRR9w/1B3Qz0znZcXBWoDx
 gnajci8AQRV5uj6cRlfw2BYk0SsmxjIvoQKlBIVLXwNwo2e2YAZJ4n5kF1kj1nQ5
 MoeTxlYp4ioJQca40y8+uWabIAo/GHNtvDONT8i5jeOJeRyGbruxnN6QIfd9hT/6
 APbw/EpNWpTuTKxwWW6vVXi2frI4vorUcSFT2m7czAt4xfmyrHhrhktwk3SMb+rx
 roi4dg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-transfer-encoding:content-type
 :date:from:in-reply-to:message-id:mime-version:references
 :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
 :x-sasl-enc; s=fm3; bh=/LRiO7soESHo2WfdNBzbRxIrW2HUffy/OPSZxlzW5
 Hk=; b=gQcVrGsQDIT5EMnwk9WjgnrbVbh9/6CCSL6e0YnlQT/P0LZOkx9D0PJX2
 uuLRjo7+itAlqrPRXbS3ieRF8PafmxP4bIFDieK3rfQCcHBAkBmjwwua2KcIwbFf
 np5kJQ962zWNlYm1aXwT51SOAmECGuKA+TN6n5ucXhNEkCI5NJndtF96bdGr5LjY
 NWwbp4lF+qfpam6wkn3bUXIdmU4fzDx4bfLhkzB8qbuXittIFLsTWy7QfjFREZLg
 VrtcaSo3apFWIbzKArQTHN5c2hgfFoP1OcEDU5NLWHb/8JSkISSVmUg9eYLBzsze
 b4pJZrDP83iQYnmXu+A1Z0ZirrUhw==
X-ME-Sender: <xms:HqINX-ifejkkznhOeMSTXglVYQnIXmkbPocLpXDhvE-1JL8VGbMOtg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduiedrfedtgdehudcutefuodetggdotefrodftvf
 curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu
 uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc
 fjughrpeffhffvuffkjghfohfogggtgfesthejredtredtvdenucfhrhhomheptfgviigr
 ucetlhhiiigruggvhhcuofgrjhguuceorhdrmhgrjhgusehprghnthhhvghrgidrohhrgh
 eqnecuggftrfgrthhtvghrnhepjeektdelheegfeeluefgjeefvddukedtgeeftefhgeei
 geekjeehteehjeejjedtnecuffhomhgrihhnpehprghnthhhvghrgidrohhrghenucfkph
 epudekhedrvddtledrudeliedrudeikeenucevlhhushhtvghrufhiiigvpedtnecurfgr
 rhgrmhepmhgrihhlfhhrohhmpehrrdhmrghjugesphgrnhhthhgvrhigrdhorhhg
X-ME-Proxy: <xmx:HqINX_ChtoYUVtm3YYhKaznJOyyCY4m8ys8I0_5q7VdIJ92yfw5L3Q>
 <xmx:HqINX2Hr4NGxfsKF0u5iH1cZ5V0ZsuxdTvHWVD1PpofOdmHOZNXhcg>
 <xmx:HqINX3TKjNDfFXdYrq5Cf17iRUxTwjjpZ1wExdGydk1egGlh7SCnAg>
 <xmx:H6INX8sik7Ov8xhuqp1JEJ5V7vfiRM1IXm4-OI9yoyRWYypeg2B9-Q>
Received: from panther-arch.localdomain (unknown [185.209.196.168])
 by mail.messagingengine.com (Postfix) with ESMTPA id DA15A328005A;
 Tue, 14 Jul 2020 08:16:28 -0400 (EDT)
Date: Tue, 14 Jul 2020 16:46:31 +0430
From: Reza Alizadeh Majd <r.majd@pantherx.org>
To: Efraim Flashner <efraim@flashner.co.il>
Subject: Re: set permission/ownership for files generated by service
Message-ID: <20200714164631.75765b5a@panther-arch.localdomain>
In-Reply-To: <20200714091029.GG10256@E5400>
References: <20200714044809.5ffc4553@panther-arch.localdomain>
 <058F2A5B-1B2D-449E-9556-7D19625C8D8C@lepiller.eu>
 <20200714125456.314ac748@panther-arch.localdomain>
 <20200714091029.GG10256@E5400>
Organization: PantherX
X-Mailer: Claws Mail 3.17.5 (GTK+ 2.24.32; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Received-SPF: pass client-ip=66.111.4.27; envelope-from=r.majd@pantherx.org;
 helo=out3-smtp.messagingengine.com
X-detected-operating-system: by eggs.gnu.org: First seen = 2020/07/14 08:16:31
X-ACL-Warn: Detected OS   = Linux 2.2.x-3.x [generic] [fuzzy]
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01,
 SPF_HELO_PASS=-0.001, SPF_PASS=-0.001,
 URIBL_BLOCKED=0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: help-guix@gnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: <help-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/help-guix>,
 <mailto:help-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/help-guix>
List-Post: <mailto:help-guix@gnu.org>
List-Help: <mailto:help-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/help-guix>,
 <mailto:help-guix-request@gnu.org?subject=subscribe>
Cc: help-guix@gnu.org
Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org
Sender: "Help-Guix" <help-guix-bounces+larch=yhetil.org@gnu.org>
X-Scanner: scn0
Authentication-Results: aspmx1.migadu.com;
	dkim=fail (rsa verify failed) header.d=pantherx.org header.s=fm3 header.b=kMCf/btj;
	dkim=fail (rsa verify failed) header.d=messagingengine.com header.s=fm3 header.b=gQcVrGsQ;
	dmarc=none;
	spf=pass (aspmx1.migadu.com: domain of help-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=help-guix-bounces@gnu.org
X-Spam-Score: -0.01
X-TUID: p5V5wIy3exON


I assume that I find the issue source: 

> > > >
> > > >--8<---------------cut here---------------start------------->8---
> > > >
> > > >(define %kyc-accounts
> > > >  (list (user-group (name "kyc-service"))
> > > >        (user-group (name "kyc-rpc"))
> > > >        (user-account
> > > >          (name "kyc-service")
> > > >          (group "kyc-service")
> > > >          (system? #f)
> > > >          (supplementary-groups '("wheel" "kyc-rpc" "video"))
> > > >          (comment "KYC service user"))))
> > > >
> > > >--8<---------------cut here---------------end--------------->8---
> > > >

I modified the service definition to open an empty 'screen', so I can
access shell through service, when I connect to the screen and check
user groups, it seems that the 'supplementary-groups' didn't apply to
the user:

--8<---------------cut here---------------start------------->8---
sh-5.0$ whoami 
kyc-service
sh-5.0$ groups
kyc-service
sh-5.0$ 
--8<---------------cut here---------------end--------------->8---

so, is there any thing that I missed?

-- 
Reza Alizadeh Majd
PantherX Team
https://www.pantherx.org/