From: Edouard Klein
To: help-guix
Subject: Can't setuid-program to a custom user
Date: Tue, 11 Apr 2023 16:47:14 +0200
Message-ID: <877cuijwpa.fsf@rdklein.fr>
Dear Guix,

I am trying to install a program that requires its own user, and to create a suid binary that will launch as this user, no matter who launches it. See line 119 onward of this file: https://gitlab.com/edouardklein/guix/-/blob/6ae4c66bde1927aaae041311888c35105595a83e/beaver/packages/plan9.scm#L119

The creation of the account is successful, e.g. when I run a container like so:

    $(guix system container -e "(begin (use-modules (beaver system) (beaver packages plan9)) (sucf minimal-container))")

I can check /etc/passwd and the user "suc" is in there. I can launch guile, type (getpw "suc"), and get in response:

    $1 = #("suc" "x" 1000 30001 "" "/home/suc" "/gnu/store/d99ykvj3axzzidygsmdmzxah4lvxd6hw-bash-5.1.8/bin/bash")

I can check that the directory /var/lib/suc exists and is owned by the user:

    ls -l /var/lib/
    total 4
    -rw------- 1 root root 512 Apr 11 14:46 random-seed
    drwxr-xr-x 2 suc  suc   40 Apr 11 14:46 suc/

However, when I try to setuid the suc binary to user suc:

#+begin_src scheme
(setuid-programs
 (cons (setuid-program
        (program (file-append suc "/bin/suc"))
        (user "suc"))
       %setuid-programs))
#+end_src

then when I launch my container I get:

    ERROR: In procedure getpw: In procedure getpw: entry not found

which is very astonishing given that the user exists!

Does the setuid binaries service try to do its stuff before the accounts are created? Does anybody have the slightest idea of why the user is not found?

BTW, it works if I setuid to root by removing the `(user "suc")`.

Thanks in advance,

Edouard.
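As an added diagnostic (not part of the original post or of the poster's configuration), the following Guile snippet checks, from inside the booted container, the two things the setuid-programs activation depends on: that `getpw` resolves the target user, and that the generated wrapper exists with the expected owner and setuid bit. It assumes the Guix convention that wrappers are written under `/run/setuid-programs`; the user name "suc" comes from the post.

```scheme
;; Added diagnostic, not code from the original post.
;; Assumptions: wrappers live in /run/setuid-programs (Guix convention),
;; and the account under test is "suc" as described in the post.
(use-modules (ice-9 format))

(define (lookup-user name)
  "Return the passwd entry for NAME, or #f (with a message) when getpw fails."
  (catch #t
    (lambda () (getpw name))
    (lambda (key . args)
      (format #t "getpw ~s failed: ~a ~s~%" name key args)
      #f)))

(define (describe-setuid-wrapper path expected-user)
  "Report whether PATH exists, carries the setuid bit, and is owned by
EXPECTED-USER.  Prints findings; returns #t only when everything matches."
  (let ((pw (lookup-user expected-user)))
    (cond
     ((not (file-exists? path))
      (format #t "~a: missing (activation did not create it)~%" path)
      #f)
     (else
      (let* ((st     (stat path))
             ;; #o4000 is the setuid bit in the st_mode word.
             (setuid (not (zero? (logand (stat:mode st) #o4000))))
             ;; Resolve the owner uid back to a name; fall back to the number.
             (owner  (catch #t
                       (lambda () (passwd:name (getpw (stat:uid st))))
                       (lambda _ (number->string (stat:uid st))))))
        (format #t "~a: owner=~a setuid=~a perms=~o~%"
                path owner setuid (stat:perms st))
        (cond
         ((not pw) #f)                       ; user lookup already failed
         ((not (= (stat:uid st) (passwd:uid pw)))
          (format #t "  owner uid ~a differs from ~a's uid ~a~%"
                  (stat:uid st) expected-user (passwd:uid pw))
          #f)
         (else setuid)))))))

;; Usage inside the container: guile -l this-file.scm
(describe-setuid-wrapper "/run/setuid-programs/suc" "suc")
```

If `lookup-user` succeeds here but activation still reports "entry not found", the lookup is failing at activation time rather than on the running system, which narrows the question to ordering between account creation and setuid-program activation.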