From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1.migadu.com ([2001:41d0:403:58f0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms8.migadu.com with LMTPS id 6M3iL1s0+WUjwAAA62LTzQ:P1 (envelope-from ) for ; Tue, 19 Mar 2024 07:44:43 +0100 Received: from aspmx1.migadu.com ([2001:41d0:403:58f0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1.migadu.com with LMTPS id 6M3iL1s0+WUjwAAA62LTzQ (envelope-from ) for ; Tue, 19 Mar 2024 07:44:43 +0100 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=jysh.net header.s=fm3 header.b=vSGQTY1s; dkim=pass header.d=messagingengine.com header.s=fm2 header.b=ilAivHc3; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org"; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1710830683; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=BIIJBNmugW2ZqWszVTghYkcb3VdYCq2kHyWQFxxpOcE=; b=od07pwUEs/kbBRlkyotg7hpgrBkX0ONI2mEZJ4voAqO6XuHI7b+VhCoSSg6k1I1T7RaL1z WsrINlNFkLWLySCBXjqJsC2rIt5UBlB9XL1mZZZTUqIsaaBTQWc3/U/U8vVjE3MmPsQZHY k6m6brsp6V9tsY+W9HdBxTS7EM04kQnlGPaUyGch4jTSZBzE7eTqddubaxuXwJgwYAOfao Ta2ODHv4894Ukwoix9Ovlp1V/jRengeMqMsw0lOLRZhp7eblnbGOFDfHnbJJV8X6w0ZcoB 2W7cyjOkB4+cWQrBv07Se19Wfh8SarbiEafu99FBIUVfk+WZdCPMageiE8SthQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1710830683; a=rsa-sha256; cv=none; b=VEBly5Q/wma2uoGE4xOUgaQTbbHcmpwDGaCsTdWSWylmL3ofAeeWx+PbvrSJaQL1DO2zLS WV6MLWGWk5xb/Rxa8OkpEIsxt32swt8cFqI7itO3jkdgbW8AS9100Ze4jBvoz9rIDtDsbJ heFmc3LIJ+hsXq6HX/mKOTge6NMQI7UGQWtmtKzQl2uxr+eIcVuu5BzGY0WEbwlprcxvMk sAQWqwzao45VewUABoerbV+tmy1gsDrBWa3gHHxZgZQSmY76x5fyraZ3JvVilaGUFF9VLs iP+0p0egm77uPiRqdmpVSCeTiDm7WrjLTcDp9wWiLOJHc9TN4X/+tNFZL7P9TA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=jysh.net header.s=fm3 header.b=vSGQTY1s; dkim=pass header.d=messagingengine.com header.s=fm2 header.b=ilAivHc3; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org"; dmarc=none Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id BFBC83D50B for ; Tue, 19 Mar 2024 07:44:42 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rmTD0-00073W-S8; Tue, 19 Mar 2024 02:44:26 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rmSQL-0005Ni-J5 for help-guix@gnu.org; Tue, 19 Mar 2024 01:54:09 -0400 Received: from wfhigh5-smtp.messagingengine.com ([64.147.123.156]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rmSQF-0007rE-Us for help-guix@gnu.org; Tue, 19 Mar 2024 01:54:09 -0400 Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailfhigh.west.internal (Postfix) with ESMTP id A7F5D18000EB for ; Tue, 19 Mar 2024 01:54:00 -0400 (EDT) Received: from imap48 ([10.202.2.98]) by compute1.internal (MEProxy); Tue, 19 Mar 2024 01:54:00 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jysh.net; h=cc :content-type:content-type:date:date:from:from:in-reply-to :message-id:mime-version:reply-to:subject:subject:to:to; s=fm3; t=1710827640; x=1710914040; bh=BIIJBNmugW2ZqWszVTghYkcb3VdYCq2k HyWQFxxpOcE=; b=vSGQTY1se67AwbP+e4Dlq9GghMjLL+25rytpd828c++7MeLh hanDJEYXcgMyvl72+zU0EiQg4ic/0+Vf2Qt1omuXl8EOD4inZoUzN7xTKkoxF4YG eWwfa6R/NBv9rMoKTkwZVAFwYx074adsPL04Z3PBOd6C6AmKGplPv7Ptm2R7aLoy 28LNaTP3Jz+JHIbVSPM8/YNCxzySGO5Iudg0OEG/t5InzOdjwUwekb7IUL84CuIJ wrAV64k+yafBgGWqdZd5vii4Ltue2g/XTJiV/EYOX8EQpS2i5NiNu8daovjQhhZ5 /IGKPrx0uLSzvrTmGI16+UVWPCz8BjXUSWnpkw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:message-id :mime-version:reply-to:subject:subject:to:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t= 1710827640; x=1710914040; bh=BIIJBNmugW2ZqWszVTghYkcb3VdYCq2kHyW QFxxpOcE=; b=ilAivHc3xcgVllOU2y1uij/maFsQHIncbaUYM/1dN+PLFLN3QTT BqYk60U3FX04OsROVNmVxcRkRZ7u5T8JheLL6HrQqc2T2FAEM2ILw4ni5rQYajgZ hMOrqF4PnuT/+ftAezyUGjyvXGbiYEd5YHc2wkbqnIo8Q7WX2bqYF70TOwCqYOUz JUgfFGxp3TsqQOvGTl87az1itkJMPhK0Yg+aMNuN2Xaot0bSw0AXIyq1rLD1z6As +sH0AMsrJA+HodW0FedB5nypTH4Ya6TKoUJV7QE3wDNkXuDZQOh3ErbhFbayWnSC 20a/Nz670ff5XVrNwtOPuz4wQ/hja1zutXg== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrkeekgdeklecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkfffhvffutgesthdtredtre ertdenucfhrhhomhepfdflrgihvghshhcuuehhohhothdfuceojhihshhhsehjhihshhdr nhgvtheqnecuggftrfgrthhtvghrnhepveelleejffeltdehhedvhffhfefffedugfdvhf fftdffvedufeetuedvkeeivdeknecuffhomhgrihhnpehgnhhurdhorhhgnecuvehluhhs thgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepjhihshhhsehjhihshh drnhgvth X-ME-Proxy: Feedback-ID: i8e914701:Fastmail Received: by mailuser.nyi.internal (Postfix, from userid 501) id BEC2531A0065; Tue, 19 Mar 2024 01:53:59 -0400 (EDT) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.11.0-alpha0-300-gdee1775a43-fm-20240315.001-gdee1775a MIME-Version: 1.0 Message-Id: Date: Tue, 19 Mar 2024 11:23:39 +0530 From: "Jayesh Bhoot" To: help-guix@gnu.org Subject: How do I put assign supplementary groups to nginx user? Content-Type: text/plain Received-SPF: pass client-ip=64.147.123.156; envelope-from=jysh@jysh.net; helo=wfhigh5-smtp.messagingengine.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, T_SPF_HELO_TEMPERROR=0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-Mailman-Approved-At: Tue, 19 Mar 2024 02:44:25 -0400 X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: help-guix-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Spam-Score: -8.38 X-Spam-Score: -8.38 X-Migadu-Queue-Id: BFBC83D50B X-Migadu-Scanner: mx11.migadu.com X-TUID: BDN3qnIFvkBa Hello, I am setting up a git server with Guix System with the following configuration: - A git user with home directory set to /srv/git, so that git repos can be hosted from /srv, and the repo urls can have the shortest path possible, like git@server:test-repo.git. - A git group to which the git user is assigned. - cgit-service-type to serve a read-only view of the repos, with nginx acting as the server. In order to serve the repos, nginx needs access to /srv/git. But, /srv/git, being a home directory, has the configuration of 700 git:git by default. I need to loosen up its permissions to at least 750 so that the git group members can read the directory, and add nginx user to the git group. How do I encode the following withing the system-configuration.scm? - add nginx user to git supplementary group. Neither (cgit-service-type) not (nginx-configuration) provide option to edit nginx's supplementary group, and %nginx-accounts does not seem to be exported. - modify permissions of home directory /srv/git to 750. (user-account) does not seem to have this option. I saw a similar question in the mailing list from 2017, but that one didn't end with a solution: https://lists.gnu.org/archive/html/help-guix/2017-06/msg00052.html P.S.: Please interpert all of the above with the context that I have spent only about a weekend with Guix and Guile.