From: Reza Alizadeh Majd <r.majd@pantherx.org>
To: help-guix@gnu.org
Subject: set permission/ownership for files generated by service
Date: Tue, 14 Jul 2020 04:48:09 +0430
Message-ID: <20200714044809.5ffc4553@panther-arch.localdomain>

Hi Guix,

I'm working on a custom service for an application. This application
uses a Unix socket for communication, and for security purposes I change
the owner group of this socket file, and only applications that are run
by members of this specific group can access this socket file.

Running the application manually, everything is OK and the socket file
is created with the desired permissions, but when I try to run this
application as a service, I receive a permission error during ownership
modification.

My service definition is as follows:

--8<---------------cut here---------------start------------->8---
(define-record-type* <kyc-configuration>
  kyc-configuration make-kyc-configuration
  kyc-configuration?
  (package kyc-configuration-package
           (default kyc))
  (user kyc-configuration-user
        (default "kyc-service"))
  (group kyc-configuration-group
         (default "kyc-service")))

(define %kyc-accounts
  (list (user-group (name "kyc-service"))
        (user-group (name "kyc-rpc"))
        (user-account
         (name "kyc-service")
         (group "kyc-service")
         (system? #f)
         (supplementary-groups '("wheel" "kyc-rpc" "video"))
         (comment "KYC service user"))))

(define kyc-shepherd-service
  (match-lambda
    (($ <kyc-configuration> package user group)
     (list (shepherd-service
            (provision '(kyc))
            (documentation "Run KYC as a daemon.")
            (requirement '(networking user-processes))
            (modules `((srfi srfi-1)
                       (srfi srfi-26)
                       ,@%default-modules))
            (start #~(make-forkexec-constructor
                      (list
                       (string-append #$package "/bin/kyc"))
                      #:user #$user
                      #:group #$group
                      #:environment-variables
                      (list (string-append "PATH=" #$coreutils "/bin:" (getenv "PATH"))
                            (string-append "HOME=" "/home/" #$user))))
            (stop #~(make-kill-destructor)))))))

(define kyc-service-type
  (service-type
   (name 'kyc)
   (extensions (list (service-extension shepherd-root-service-type
                                        kyc-shepherd-service)
                     (service-extension account-service-type
                                        (const %kyc-accounts))))
   (default-value (kyc-configuration))))
--8<---------------cut here---------------end--------------->8---

Is there anything that I missed in this service definition?

--
Reza Alizadeh Majd
PantherX Team
https://www.pantherx.org/
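
A diagnostic for the situation described in the message above, added here as an example and not part of the original message or of Guix or the Shepherd: it applies the Linux chown(2) rule (without CAP_CHOWN, a process may change a file's group only if it owns the file and is a member of the target group) to the credentials shown in `/proc/<pid>/status`. The numeric IDs and both status excerpts are constructed sample values; comparing a manual run with the service run in this way shows whether the two processes hold the same groups.

```python
"""Would a process be allowed to chgrp a file it owns? (Linux chown(2) rule)"""
import sys

CAP_CHOWN = 0  # bit index of CAP_CHOWN in the CapEff mask

# Constructed samples; 990 = kyc-service user, 980 = kyc-service, 981 = kyc-rpc (hypothetical IDs).
MANUAL_STATUS = """Name:\tkyc
Uid:\t990\t990\t990\t990
Gid:\t980\t980\t980\t980
Groups:\t10 44 980 981
CapEff:\t0000000000000000"""
SERVICE_STATUS = """Name:\tkyc
Uid:\t990\t990\t990\t990
Gid:\t980\t980\t980\t980
Groups:\t
CapEff:\t0000000000000000"""

def parse_status(text):
    """Pull the filesystem UID/GID, supplementary groups and CapEff out of status text."""
    fields = dict(line.split(":", 1) for line in text.strip().splitlines() if ":" in line)
    uids = fields["Uid"].split()  # real, effective, saved, filesystem
    gids = fields["Gid"].split()
    return {
        "fsuid": int(uids[3]),
        "fsgid": int(gids[3]),
        "groups": {int(g) for g in fields.get("Groups", "").split()},
        "cap_eff": int(fields.get("CapEff", "0").strip() or "0", 16),
    }

def may_chgrp(cred, file_owner_uid, target_gid):
    """True if chown(path, -1, target_gid) would pass the kernel's permission check."""
    if (cred["cap_eff"] >> CAP_CHOWN) & 1:
        return True  # privileged: any group is allowed
    is_member = target_gid == cred["fsgid"] or target_gid in cred["groups"]
    return cred["fsuid"] == file_owner_uid and is_member

def read_status(pid):
    """Read the live status of a running process (Linux only)."""
    with open(f"/proc/{pid}/status") as handle:
        return handle.read()

if __name__ == "__main__":
    if len(sys.argv) == 4:  # usage: script.py PID FILE_OWNER_UID TARGET_GID
        cred = parse_status(read_status(sys.argv[1]))
        print(may_chgrp(cred, int(sys.argv[2]), int(sys.argv[3])))
    else:
        for label, text in (("manual", MANUAL_STATUS), ("service", SERVICE_STATUS)):
            print(label, may_chgrp(parse_status(text), 990, 981))
```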
Thread overview: 8+ messages
2020-07-14 0:18 Reza Alizadeh Majd [this message]
2020-07-14 2:01 ` set permission/ownership for files generated by service Julien Lepiller
2020-07-14 8:24 ` Reza Alizadeh Majd
2020-07-14 9:10 ` Efraim Flashner
2020-07-14 11:24 ` Reza Alizadeh Majd
2020-07-14 12:16 ` Reza Alizadeh Majd
2020-07-14 12:36 ` Efraim Flashner
2020-07-14 20:05 ` Reza Alizadeh Majd