From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms9.migadu.com with LMTPS id CHAcOSbxS2TqZgAASxT56A (envelope-from ) for ; Fri, 28 Apr 2023 18:15:35 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id cHcXOCbxS2SgEgAAG6o9tA (envelope-from ) for ; Fri, 28 Apr 2023 18:15:34 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 86D8139F81 for ; Fri, 28 Apr 2023 18:15:34 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1psP5G-00085v-J1; Fri, 28 Apr 2023 10:28:26 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1psP4y-0007bt-JT for bug-guix@gnu.org; Fri, 28 Apr 2023 10:28:12 -0400 Received: from debbugs.gnu.org ([209.51.188.43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1psP4x-00060F-Dz for bug-guix@gnu.org; Fri, 28 Apr 2023 10:28:08 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1psP4x-00059W-5m for bug-guix@gnu.org; Fri, 28 Apr 2023 10:28:07 -0400 X-Loop: help-debbugs@gnu.org Subject: bug#63082: [PATCH 09/17] services: mpd: Let Shepherd effect the user/group change. Resent-From: Maxim Cournoyer Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Fri, 28 Apr 2023 14:28:07 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 63082 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 63082@debbugs.gnu.org Cc: Maxim Cournoyer Received: via spool by 63082-submit@debbugs.gnu.org id=B63082.168269206519666 (code B ref 63082); Fri, 28 Apr 2023 14:28:07 +0000 Received: (at 63082) by debbugs.gnu.org; 28 Apr 2023 14:27:45 +0000 Received: from localhost ([127.0.0.1]:34154 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1psP4a-00056x-Ep for submit@debbugs.gnu.org; Fri, 28 Apr 2023 10:27:45 -0400 Received: from mail-qk1-f178.google.com ([209.85.222.178]:60589) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1psP4S-00054w-Gn for 63082@debbugs.gnu.org; Fri, 28 Apr 2023 10:27:37 -0400 Received: by mail-qk1-f178.google.com with SMTP id af79cd13be357-74adf6adac6so971716485a.0 for <63082@debbugs.gnu.org>; Fri, 28 Apr 2023 07:27:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1682692051; x=1685284051; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=3YVYTiNglXC6c3/OfUN8DD3/yYvwWBMLzh6/MUo6HoE=; b=MUKgP5a6cq9zUfNTTKqFb5raR4b2boOYPentn2ZgH4up0IM6ULCmoEOR8UvdQxdNhp FweQmcGlYqJ8NeabZT0qLr/7EYn9H4nc1iUsGxu/91dqgeU5jTrf8qP0ncX97BWA4dnW wIVyxH2ftx1DIHtBnKA2KLvZ6HsdcfR5UoXsFEHBP5uobidAiQNrjGav08zZiX/wvNE9 c1QqCd04TZkrOKiTXx27jtjLVnKnMRKdLFqe/QUckr/dpSg2rzR76KAzluNh5pao6vr7 PjtJ0kfja1TfXxPo72RiIWE6o06kKWB2zTwW2FUsX29vKG4hzppQW6kyq41rpx0A7y9m KLhA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1682692051; x=1685284051; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=3YVYTiNglXC6c3/OfUN8DD3/yYvwWBMLzh6/MUo6HoE=; b=gTedI2VaLfp0C3+3ozK4x8vbCndJ65LRggHqcsjLO8/Y9p29j2LCKSJmRYMwBZa/mr 9BSdYVEiN1POcD4vLMx5UfANLWVoN+07xwhDFkBVhlynMLAxS+t/gHpAa6FemoOfXLCd AXqU2YaFkijHY1gqXojtEHqlxxthqB3o47NdXKUwL6rPlA0mdAXqodAqf+K9k02uQwNF UrVTFFkBELYID3dWL5b4BgCwiuhf7TSabVGKU1LV71JoD9VQ3dmKcmTGHvImWhwLiaaf N2wVtS7/Joy5L4OJAbfFG0cAVsjMPvxad2BUMr7l4TBRJsma9/48nFB3vrUoIxaiSeyg SfGA== X-Gm-Message-State: AC+VfDwtoRrdax702jPfpCul6rKXG6oYz/yEr/dbHzILDpjQ4xuPs9Gf u5NRyInFn2nFmc7PIUmaqe97k+sWPA8= X-Google-Smtp-Source: ACHHUZ7ohPSCGu5PQkAALhOBckhfXbt2moswKBaQMVRiwJi4q0vXJ3c1nLwl0t4Kuj8CoqBBMK/YNQ== X-Received: by 2002:a05:6214:628:b0:5f7:a9e1:bbbf with SMTP id a8-20020a056214062800b005f7a9e1bbbfmr8223864qvx.44.1682692050966; Fri, 28 Apr 2023 07:27:30 -0700 (PDT) Received: from localhost.localdomain ([2607:fad8:4:3::1000]) by smtp.gmail.com with ESMTPSA id d8-20020a0cfe88000000b005ff569bca72sm6176940qvs.93.2023.04.28.07.27.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 28 Apr 2023 07:27:30 -0700 (PDT) From: Maxim Cournoyer Date: Fri, 28 Apr 2023 10:27:02 -0400 Message-Id: <70d3c80ef59f9519a69218c504e72c4c836a6ab1.1682690696.git.maxim.cournoyer@gmail.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: bug-guix-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN ARC-Seal: i=1; s=key1; d=yhetil.org; t=1682698534; a=rsa-sha256; cv=none; b=mnbQ3yAAr/KZBt9Pok7ii7OARbZDJCpYcimUWA1WezfJg92xssrLYy1w+43brLTJ6wNlJv WeLdF0mPlou6TbZtmsRr7DWuHE5vcY4fV5NmxHeSXUQtYWNmYJDewEycJ1OBC8hmTKgJP9 GUrUv1qCP/dRjWttNj+taECljPja+x0sQMUzmuQzpPJeeXLnWAoiAjMEOtPV2rlYPM1ir5 0NcgEwmnWX98Fcm16FEYSLKa32pugsbyN7wQdbMeZYh+Rqz48GdOq6Kt9Y/QmmYn7u7A6i qWyG0kYpEDS4Y14swpYzbouV8Mj3Rf+1AStIPftRQlXJEO37Cep0/5lVzH3jag== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20221208 header.b=MUKgP5a6; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1682698534; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=3YVYTiNglXC6c3/OfUN8DD3/yYvwWBMLzh6/MUo6HoE=; b=W05XvkYb992OgiZQhOA5n6OCAX70WXSV6zFvXEKmvi4OIPcI7zC4T06itCqERKxrAiy/cs YfcnXZVdePlmtYng4ziBBp46jhWQoH0n75LIEkNWCyTXRCb9imtcH9f4zfqPVsJ5Miw2y3 2tjyWf1SOmVYMj2O6QpH9sOTThEqW8qkTHXUy72/YuBiFPwgWk+5Apu4/iGyOUyeJBEa5O +T2Lj1HvZFnYmSetWxvAF03qa+n+esdfGzNCsUUZBI10am1k2FnoROzivAdQzs4b/mvGtt zv2qrZ1rvtAR4rHZxscTn3gV39EXQ205nBwG9z3HxfAjvBQLY8ptkEAzjG1VTA== X-Migadu-Spam-Score: -3.40 X-Spam-Score: -3.40 X-Migadu-Queue-Id: 86D8139F81 X-Migadu-Scanner: scn0.migadu.com Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20221208 header.b=MUKgP5a6; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-TUID: 8hODu+A1U3rz Relates to . Quoting a MPD developer, regarding MPD's feature to switch user itself: "that's legacy for the dark ages when proper service managers did not exist" :-). * gnu/services/audio.scm (mpd-serialize-user-account) (mpd-serialize-user-group): Delete procedures. * gnu/services/audio.scm (mpd-configuration) [user]: Do not serialize. [group]: Likewise. (mpd-shepherd-service): Provide the #:user, #:group and #:supplementary-groups arguments. (mympd-shepherd-service): Likewise, and remove the '--user' argument. * doc/guix.texi (Audio Services): Decorate mpd with @command. --- doc/guix.texi | 4 ++-- gnu/services/audio.scm | 31 ++++++++++++++++++++++--------- 2 files changed, 24 insertions(+), 11 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index a71a05bcf3..19320c2185 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -33569,7 +33569,7 @@ Audio Services The MPD package. @item @code{user} (type: user-account) -The user to run mpd as. +The user to run @command{mpd} as. @item @code{group} (default: @code{#f}) (type: boolean) Obsolete. Do not use. @@ -33612,7 +33612,7 @@ Audio Services The location of the sticker database. @item @code{default-port} (default: @code{6600}) (type: maybe-port) -The default port to run mpd on. +The default port to run @command{mpd} on. @item @code{endpoints} (type: maybe-list-of-strings) The addresses that mpd will bind to. A port different from diff --git a/gnu/services/audio.scm b/gnu/services/audio.scm index cccf5c2693..550ccc542c 100644 --- a/gnu/services/audio.scm +++ b/gnu/services/audio.scm @@ -3,6 +3,7 @@ ;;; Copyright © 2019 Ricardo Wurmus ;;; Copyright © 2020 Ludovic Courtès ;;; Copyright © 2022⁠–⁠2023 Bruno Victal +;;; Copyright © 2023 Maxim Cournoyer ;;; ;;; This file is part of GNU Guix. ;;; @@ -164,9 +165,6 @@ (define mpd-serialize-boolean mpd-serialize-field) (define (mpd-serialize-list-of-strings field-name value) #~(string-append #$@(map (cut mpd-serialize-string field-name <>) value))) -(define (mpd-serialize-user-account field-name value) - (mpd-serialize-string field-name (user-account-name value))) - (define-maybe string (prefix mpd-)) (define-maybe list-of-strings (prefix mpd-)) (define-maybe boolean (prefix mpd-)) @@ -387,10 +385,14 @@ (define-configuration mpd-configuration "The MPD package." empty-serializer) + ;; Note: The user and its group are not serialized, otherwise MPD would + ;; attempt to switch the user/group itself. The task of switching the + ;; user/group is left to Shepherd instead. (user (user-account %mpd-user) - "The user to run mpd as." - (sanitizer mpd-user-sanitizer)) + "The user to run @command{mpd} as." + (sanitizer mpd-user-sanitizer) + (serializer empty-serializer)) (group (boolean #f) @@ -454,7 +456,7 @@ (define-configuration mpd-configuration (default-port (maybe-port 6600) - "The default port to run mpd on.") + "The default port to run @command{mpd} on.") (endpoints maybe-list-of-strings @@ -595,7 +597,11 @@ (define (mpd-shepherd-service config) (list #$(file-append package "/bin/mpd") "--no-daemon" #$config-file) - #:environment-variables '#$environment-variables))) + #:environment-variables '#$environment-variables + #:user #$username + #:group #$(user-account-group user) + #:supplementary-groups + '#$(user-account-supplementary-groups user)))) (stop #~(make-kill-destructor)) (actions (list (shepherd-configuration-action config-file) @@ -876,12 +882,19 @@ (define (mympd-shepherd-service config) (make-forkexec-constructor `(#$(file-append package "/bin/mympd") - "--user" #$username #$@(if (eq? log-to 'syslog) '("--syslog") '()) "--workdir" #$work-directory "--cachedir" #$cache-directory) #:environment-variables (list #$log-level*) - #:log-file #$(if (string? log-to) log-to #f)))) + #:log-file #$(if (string? log-to) log-to #f) + #:user #$username + ;; Note: the group of the record or that of + ;; the record can be used interchangeably + ;; here, since they've been synced in the 'mympd-accounts' + ;; procedure. + #:group #$(user-account-group user) + #:supplementary-groups + '#$(user-account-supplementary-groups user)))) (stop #~(make-kill-destructor)))))) (define (mympd-accounts config) -- 2.39.2