From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id yLp2Li2iDV8+NAAA0tVLHw (envelope-from ) for ; Tue, 14 Jul 2020 12:16:45 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1 with LMTPS id cMc0Ki2iDV8kIAAAbx9fmQ (envelope-from ) for ; Tue, 14 Jul 2020 12:16:45 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id C27919403C9 for ; Tue, 14 Jul 2020 12:16:44 +0000 (UTC) Received: from localhost ([::1]:55680 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jvJrW-0002fI-Cn for larch@yhetil.org; Tue, 14 Jul 2020 08:16:42 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:36156) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jvJrO-0002f8-Oi for help-guix@gnu.org; Tue, 14 Jul 2020 08:16:34 -0400 Received: from out3-smtp.messagingengine.com ([66.111.4.27]:38233) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jvJrM-0006Sg-SG for help-guix@gnu.org; Tue, 14 Jul 2020 08:16:34 -0400 Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 3AF0A5C00B1; Tue, 14 Jul 2020 08:16:31 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute1.internal (MEProxy); Tue, 14 Jul 2020 08:16:31 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pantherx.org; h= date:from:to:cc:subject:message-id:in-reply-to:references :mime-version:content-type:content-transfer-encoding; s=fm3; bh= /LRiO7soESHo2WfdNBzbRxIrW2HUffy/OPSZxlzW5Hk=; b=kMCf/btjh9VLxamY KlTlBT9t3GXCn5PZtSLEK80Bx4oj7ro3TkNNHVIteX/QWpzIYLMHmB743RYsLQR/ llXAFWBLpY447ea6BRAyv3MOZF9et11SMBi9zsS8ZrQRR9w/1B3Qz0znZcXBWoDx gnajci8AQRV5uj6cRlfw2BYk0SsmxjIvoQKlBIVLXwNwo2e2YAZJ4n5kF1kj1nQ5 MoeTxlYp4ioJQca40y8+uWabIAo/GHNtvDONT8i5jeOJeRyGbruxnN6QIfd9hT/6 APbw/EpNWpTuTKxwWW6vVXi2frI4vorUcSFT2m7czAt4xfmyrHhrhktwk3SMb+rx roi4dg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; bh=/LRiO7soESHo2WfdNBzbRxIrW2HUffy/OPSZxlzW5 Hk=; b=gQcVrGsQDIT5EMnwk9WjgnrbVbh9/6CCSL6e0YnlQT/P0LZOkx9D0PJX2 uuLRjo7+itAlqrPRXbS3ieRF8PafmxP4bIFDieK3rfQCcHBAkBmjwwua2KcIwbFf np5kJQ962zWNlYm1aXwT51SOAmECGuKA+TN6n5ucXhNEkCI5NJndtF96bdGr5LjY NWwbp4lF+qfpam6wkn3bUXIdmU4fzDx4bfLhkzB8qbuXittIFLsTWy7QfjFREZLg VrtcaSo3apFWIbzKArQTHN5c2hgfFoP1OcEDU5NLWHb/8JSkISSVmUg9eYLBzsze b4pJZrDP83iQYnmXu+A1Z0ZirrUhw== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduiedrfedtgdehudcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpeffhffvuffkjghfohfogggtgfesthejredtredtvdenucfhrhhomheptfgviigr ucetlhhiiigruggvhhcuofgrjhguuceorhdrmhgrjhgusehprghnthhhvghrgidrohhrgh eqnecuggftrfgrthhtvghrnhepjeektdelheegfeeluefgjeefvddukedtgeeftefhgeei geekjeehteehjeejjedtnecuffhomhgrihhnpehprghnthhhvghrgidrohhrghenucfkph epudekhedrvddtledrudeliedrudeikeenucevlhhushhtvghrufhiiigvpedtnecurfgr rhgrmhepmhgrihhlfhhrohhmpehrrdhmrghjugesphgrnhhthhgvrhigrdhorhhg X-ME-Proxy: Received: from panther-arch.localdomain (unknown [185.209.196.168]) by mail.messagingengine.com (Postfix) with ESMTPA id DA15A328005A; Tue, 14 Jul 2020 08:16:28 -0400 (EDT) Date: Tue, 14 Jul 2020 16:46:31 +0430 From: Reza Alizadeh Majd To: Efraim Flashner Subject: Re: set permission/ownership for files generated by service Message-ID: <20200714164631.75765b5a@panther-arch.localdomain> In-Reply-To: <20200714091029.GG10256@E5400> References: <20200714044809.5ffc4553@panther-arch.localdomain> <058F2A5B-1B2D-449E-9556-7D19625C8D8C@lepiller.eu> <20200714125456.314ac748@panther-arch.localdomain> <20200714091029.GG10256@E5400> Organization: PantherX X-Mailer: Claws Mail 3.17.5 (GTK+ 2.24.32; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Received-SPF: pass client-ip=66.111.4.27; envelope-from=r.majd@pantherx.org; helo=out3-smtp.messagingengine.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/07/14 08:16:31 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: help-guix@gnu.org Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: "Help-Guix" X-Scanner: scn0 Authentication-Results: aspmx1.migadu.com; dkim=fail (rsa verify failed) header.d=pantherx.org header.s=fm3 header.b=kMCf/btj; dkim=fail (rsa verify failed) header.d=messagingengine.com header.s=fm3 header.b=gQcVrGsQ; dmarc=none; spf=pass (aspmx1.migadu.com: domain of help-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=help-guix-bounces@gnu.org X-Spam-Score: -0.01 X-TUID: p5V5wIy3exON I assume that I find the issue source: > > > > > > > >--8<---------------cut here---------------start------------->8--- > > > > > > > >(define %kyc-accounts > > > > (list (user-group (name "kyc-service")) > > > > (user-group (name "kyc-rpc")) > > > > (user-account > > > > (name "kyc-service") > > > > (group "kyc-service") > > > > (system? #f) > > > > (supplementary-groups '("wheel" "kyc-rpc" "video")) > > > > (comment "KYC service user")))) > > > > > > > >--8<---------------cut here---------------end--------------->8--- > > > > I modified the service definition to open an empty 'screen', so I can access shell through service, when I connect to the screen and check user groups, it seems that the 'supplementary-groups' didn't apply to the user: --8<---------------cut here---------------start------------->8--- sh-5.0$ whoami kyc-service sh-5.0$ groups kyc-service sh-5.0$ --8<---------------cut here---------------end--------------->8--- so, is there any thing that I missed? -- Reza Alizadeh Majd PantherX Team https://www.pantherx.org/