From: Reza Alizadeh Majd
To: Efraim Flashner
Cc: help-guix@gnu.org
Subject: Re: set permission/ownership for files generated by service
Date: Wed, 15 Jul 2020 00:35:34 +0430
Message-ID: <20200715003534.1b9b6fd5@panther-arch.localdomain>
In-Reply-To: <20200714123641.GH10256@E5400>
Organization: PantherX

On Tue, 14 Jul 2020 15:36:41 +0300 Efraim Flashner wrote:

> On Tue, Jul 14, 2020 at 04:46:31PM +0430, Reza Alizadeh Majd wrote:
> >
> > I assume that I find the issue source:
> >
> > > > > >
> > > > > >--8<---------------cut here---------------start------------->8---
> > > > > >
> > > > > >(define %kyc-accounts
> > > > > >  (list (user-group (name "kyc-service"))
> > > > > >        (user-group (name "kyc-rpc"))
> > > > > >        (user-account
> > > > > >         (name "kyc-service")
> > > > > >         (group "kyc-service")
> > > > > >         (system? #f)
> > > > > >         (supplementary-groups '("wheel" "kyc-rpc" "video"))
> > > > > >         (comment "KYC service user"))))
> > > > > >
> > > > > >--8<---------------cut here---------------end--------------->8---
> > > > > >
> >
> > I modified the service definition to open an empty 'screen', so I
> > can access shell through service, when I connect to the screen and
> > check user groups, it seems that the 'supplementary-groups' didn't
> > apply to the user:
> >
> > --8<---------------cut here---------------start------------->8---
> > sh-5.0$ whoami
> > kyc-service
> > sh-5.0$ groups
> > kyc-service
> > sh-5.0$
> > --8<---------------cut here---------------end--------------->8---
> >
> > so, is there any thing that I missed?
> >
>
> The only other thing I can think of right now is that you're creating
> the kyc-service and kyc-rpc groups AND also using them for the first
> time here. It could be that the kyc-service group is created with the
> kyc-service user and the kyc-rpc group is 'too slow'. Try your code
> again but without the kyc-rpc group.
>

I don't think so, since the issue still persists after restarting the
services, or even after rebooting the machine.

I also checked `/etc/group`, and the `kyc-service` user exists in all of
the supplementary groups. But the `groups` command shows only the primary
group.

--8<---------------cut here---------------start------------->8---
sh-5.0$ cat /etc/group | grep "kyc"
kyc-user:x:30002:
kyc-rpc:x:30001:kyc-user,kyc-service
kyc-service:x:980:
wheel:x:999:kyc-user,kyc-service
video:x:992:kyc-user,kyc-service
--8<---------------cut here---------------end--------------->8---

Is it possible that I missed setting some environment variable, so the
permissions wouldn't be loaded correctly?

-- 
Reza Alizadeh Majd
PantherX Team
https://www.pantherx.org/
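
Added example, not part of the original message: `groups` with no argument prints the credentials of the calling process, which are set by whatever started that process (for instance via initgroups(3) at login), while /etc/group only records what should be granted. The script below compares the two, using the /etc/group lines quoted above and a constructed /proc/<pid>/status excerpt; the function names are hypothetical.

```shell
#!/bin/sh
# Added diagnostic example; not part of the original thread.
# GROUP_DB: the /etc/group lines quoted in the message above.
GROUP_DB='kyc-user:x:30002:
kyc-rpc:x:30001:kyc-user,kyc-service
kyc-service:x:980:
wheel:x:999:kyc-user,kyc-service
video:x:992:kyc-user,kyc-service'

# STATUS_SAMPLE: constructed /proc/<pid>/status excerpt for a process whose
# supplementary list was never loaded (only the primary GID is present).
STATUS_SAMPLE='Name: sh
Gid: 980 980 980 980
Groups:'

# GIDs the group database grants to user $1 (group(5) lines on stdin).
db_gids() {
    awk -F: -v u="$1" '{ n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) print $3 }' |
        sort -n | paste -sd ' ' -
}

# GIDs a process really holds: effective GID plus its supplementary list
# (a /proc/<pid>/status file on stdin).
proc_gids() {
    awk '$1 == "Gid:"    { print $3 }
         $1 == "Groups:" { for (i = 2; i <= NF; i++) print $i }' |
        sort -nu | paste -sd ' ' -
}

# GIDs in list $1 (database) that are absent from list $2 (process).
missing_gids() {
    out=''
    for g in $1; do
        case " $2 " in *" $g "*) ;; *) out="${out:+$out }$g" ;; esac
    done
    printf '%s\n' "$out"
}

# Stand-alone run over the embedded samples. On a live system, feed
# /etc/group and /proc/<PID of the service>/status instead.
want=$(printf '%s\n' "$GROUP_DB" | db_gids kyc-service)
have=$(printf '%s\n' "$STATUS_SAMPLE" | proc_gids)
echo "database grants: $want"
echo "process holds:   $have"
echo "never applied:   $(missing_gids "$want" "$have")"
```

A non-empty "never applied" list means the process was started without loading its supplementary groups, so access checks against wheel, kyc-rpc or video will fail even though /etc/group looks correct.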