Subject: FUSE works as non-root user but not in Shepherd service under same user
From: raingloom @ 2021-05-16 18:16 UTC (permalink / raw)
  To: help-guix@gnu.org

So, I've been struggling with this for a few days now.

I have a Chez script that waits until a SQL dump is written, cleanly
shuts down the FUSE file system that uses the corresponding database,
deletes the database, undumps it from the newly written SQL script, and
waits for the next write, all in an infinite loop.

To make the system a bit more secure, I run it as the gmnisrv user.

It works fine when I run it with su as:

```
su -s $(guix build memex-runner)/bin/memex-runner.sps gmnisrv /path/to/gemini/document/root
```

Translation, because su's syntax is a bit weird:
`su -s <executable> <username> [args...]`
runs <executable> [args...] as username.

So, that should have the same effect as specifying user and group in the
service description, right? But when I run the service I get this error:

```
Mounting to "wiki/tags"
Forked into background PID 1478
fusermount: mount failed: Operation not permitted
```

I have no clue what's going wrong. The mount point is owned by gmnisrv,
and so is the database file; /dev/fuse has read and write access for user,
group, and other; and looking at the strace output doesn't reveal anything
obviously wrong or different between running it with su or with
Shepherd.
I also thought that I might be wrapping memex-runner.sps wrong and that it
was finding the binaries in /gnu/store before the ones in
/run/setuid-programs, so now wrap-program suffixes the PATH of inputs
instead of prefixing it, but that still didn't fix anything.

I'm out of ideas. Any idea how to proceed, short of going through the
source code for everything that's involved here, including FUSE,
Shepherd, Linux, and Supertag?

Here is my channel, look for raingloom/services/gemini.scm and
raingloom/packages/scheme.scm.
https://git.sr.ht/~raingloom/guix-packages/

My machine configs are private but if needed I can share the relevant
bits, but I don't think there is anything relevant. It's a pretty basic
web server setup with Nginx and Molly Brown.
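A diagnostic script, added here and not part of the original post or of the memex-runner project, that checks the two things the post suspects: which fusermount a given PATH resolves to first (a /gnu/store copy versus the wrapper in /run/setuid-programs) and whether that binary carries the setuid bit fusermount relies on when an unprivileged user mounts; it also reports whether /dev/fuse is readable and writable by the current user. Run it once under su and once from the service's start command and diff the two outputs; the directory layout in the comments and tests is constructed.

```shell
#!/bin/sh
# Added diagnostic; not from the original post or the memex-runner project.
# Reports what PATH resolves "fusermount" to, whether it is setuid, and
# whether /dev/fuse is usable, so su and Shepherd environments can be compared.

# first_in_path NAME PATH: print the first executable NAME along PATH.
# Runs in a subshell so the IFS change stays local. Returns 1 if absent.
first_in_path() (
    name=$1
    IFS=:
    for dir in $2; do
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
            exit 0
        fi
    done
    exit 1
)

# is_setuid FILE: succeed when FILE has the setuid bit.
is_setuid() {
    [ -u "$1" ]
}

# fuse_dev_usable DEV: succeed when DEV is a char device we can read/write.
fuse_dev_usable() {
    [ -c "$1" ] && [ -r "$1" ] && [ -w "$1" ]
}

# report PATH: one verdict line for fusermount under PATH, plus the state
# of /dev/fuse. Exit status: 0 setuid found, 1 not found, 2 not setuid.
report() {
    if fuse_dev_usable /dev/fuse; then
        echo "/dev/fuse: readable and writable by $(id -un)"
    else
        echo "/dev/fuse: missing or not readable/writable by $(id -un)"
    fi
    fm=$(first_in_path fusermount "$1") || {
        echo "fusermount: not found along PATH=$1"
        return 1
    }
    if is_setuid "$fm"; then
        echo "fusermount: $fm (setuid bit set)"
        return 0
    fi
    echo "fusermount: $fm (NO setuid bit: an unprivileged user cannot mount)"
    return 2
}

# Stand-alone use: sh fuse-check.sh [PATH]; defaults to the caller's PATH.
report "${1:-$PATH}" || true
```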
