How do I put assign supplementary groups to nginx user?

all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed

From: "Jayesh Bhoot" <jysh@jysh.net>
To: help-guix@gnu.org
Subject: How do I put assign supplementary groups to nginx user?
Date: Tue, 19 Mar 2024 11:23:39 +0530	[thread overview]
Message-ID: <ff59ed54-570a-4a37-9ea2-0a0bb1cd975d@app.fastmail.com> (raw)

Hello,

I am setting up a git server with Guix System with the following configuration:

- A git user with home directory set to /srv/git, so that git repos can be hosted from /srv, and the repo urls can have the shortest path possible, like git@server:test-repo.git.
- A git group to which the git user is assigned.
- cgit-service-type to serve a read-only view of the repos, with nginx acting as the server.

In order to serve the repos, nginx needs access to /srv/git. But, /srv/git, being a home directory, has the configuration of 700 git:git by default. I need to loosen up its permissions to at least 750 so that the git group members can read the directory, and add nginx user to the git group.

How do I encode the following withing the system-configuration.scm?

- add nginx user to git supplementary group. Neither (cgit-service-type) not (nginx-configuration) provide option to edit nginx's supplementary group, and %nginx-accounts does not seem to be exported.
- modify permissions of home directory /srv/git to 750. (user-account) does not seem to have this option.

I saw a similar question in the mailing list from 2017, but that one didn't end with a solution: https://lists.gnu.org/archive/html/help-guix/2017-06/msg00052.html

P.S.: Please interpert all of the above with the context that I have spent only about a weekend with Guix and Guile.

next             reply	other threads:[~2024-03-19  6:44 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-03-19  5:53 Jayesh Bhoot [this message]
2024-03-19 12:42 ` How do I put assign supplementary groups to nginx user? Thompson, David

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ff59ed54-570a-4a37-9ea2-0a0bb1cd975d@app.fastmail.com \
    --to=jysh@jysh.net \
    --cc=help-guix@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.