From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <guix-devel-bounces+larch=yhetil.org@gnu.org>
Received: from mp12.migadu.com ([2001:41d0:2:bcc0::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms9.migadu.com with LMTPS
	id 0Iq1NdCXnGQWQgEASxT56A
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Wed, 28 Jun 2023 22:28:00 +0200
Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp12.migadu.com with LMTPS
	id uD2ENdCXnGSdDAAAauVa8A
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Wed, 28 Jun 2023 22:28:00 +0200
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id 9CF4F40C5C
	for <larch@yhetil.org>; Wed, 28 Jun 2023 22:28:00 +0200 (CEST)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-devel-bounces@gnu.org>)
	id 1qEblL-0006Ps-W6; Wed, 28 Jun 2023 16:27:40 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <attila@lendvai.name>)
 id 1qEblK-0006Pk-Bo
 for guix-devel@gnu.org; Wed, 28 Jun 2023 16:27:38 -0400
Received: from mail-40136.proton.ch ([185.70.40.136])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <attila@lendvai.name>)
 id 1qEblG-00034w-Ma
 for guix-devel@gnu.org; Wed, 28 Jun 2023 16:27:38 -0400
Date: Wed, 28 Jun 2023 20:27:14 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lendvai.name;
 s=protonmail3; t=1687984050; x=1688243250;
 bh=m6H72OChExkaqpachL8udch55fcMm6rluQhYcO/uRec=;
 h=Date:To:From:Subject:Message-ID:Feedback-ID:From:To:Cc:Date:
 Subject:Reply-To:Feedback-ID:Message-ID:BIMI-Selector;
 b=J2Is0EN8vo7oEOBGd6Hi27Xi5A7S+K1tUmVr8lz9rFExM12ZhBIs+f1de1finNb6P
 BxlpOVApGd1QruKNNTjGSjRiV9e1Mvq04MAvZMRROSHtj8aPoIwzS9KWsCK0c3y5qz
 2lY50/gL7lGOBljkvj5Qzml/fKueVupLRFGqVJvvidgVjNw6BewrIC98d6Ie8Il7ZM
 gGcJBCJ7LHKB5ojfZ/Ta9tm72zgVKExTiCCedjeXu9fE71GTbMI/++wh6QoWHs/SbK
 pePFvobGcGt43OYhD4uPNVVbS7B/qhpcteEzUqymatzjocrmgbB9F/4TfmGyhO9TsQ
 gLfmsDVfgmmaw==
To: guix-devel <guix-devel@gnu.org>
From: Attila Lendvai <attila@lendvai.name>
Subject: shepherd service, unexplained permission errors
Message-ID: <xAeYA3uQx4VxLH1SUk_4phLjrDjAQaIMpEsidlPhJesVA4v9vTY1RUHnz4G-lJ1G7N7cK2aD69MdPWdjCa_ondu-hxuWvNFA39Q2skQ4fvw=@lendvai.name>
Feedback-ID: 28384833:user:proton
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass client-ip=185.70.40.136; envelope-from=attila@lendvai.name;
 helo=mail-40136.proton.ch
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001,
 SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: guix-devel@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Development of GNU Guix and the GNU System distribution."
 <guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org
Sender: guix-devel-bounces+larch=yhetil.org@gnu.org
X-Migadu-Country: US
X-Migadu-Flow: FLOW_IN
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org;
	s=key1; t=1687984080;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:list-id:list-help:
	 list-unsubscribe:list-subscribe:list-post:dkim-signature;
	bh=m6H72OChExkaqpachL8udch55fcMm6rluQhYcO/uRec=;
	b=MEDedXgrPe4IKrhMv2XcwPCMonHXmRMiehWkEPXz1ENPHKCmfaO+olp627lSA9tEd2h/4O
	mmKVtcbmF96Vn5OWRIhq3FKBSqcllFFHyy1wxu1/MxXRNy5RCq69VsKhoummS+nqAIutBy
	9vCx982i01kvFcF6haJHH8oFsbo/oAORe+AAcerbJdgbX/NbOUoN8C5dpeFdOYgiBgOovt
	qdehUqVn8fx5ZdA+R0a1gxE8ooesig3HOtZi33V69T2dSOm4jjKtl3B3jvC761BWxCArQS
	neMPk4AL5jycOZtKOUdwHthdpbrMqxPqjfBAu2RkEx3ajMvngaFYZmfep8jE+A==
ARC-Authentication-Results: i=1;
	aspmx1.migadu.com;
	dkim=pass header.d=lendvai.name header.s=protonmail3 header.b=J2Is0EN8;
	dmarc=none;
	spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"
ARC-Seal: i=1; s=key1; d=yhetil.org; t=1687984080; a=rsa-sha256; cv=none;
	b=tJKZ7Yj/vf44WX+PwkbJW/IpNMYjfy19l2yNPzRMHseTT5j8rczJOLI4Q25SiSKD0H3PEA
	PyZ88+SUaIQ8nycvDWELOv+X0vFSriCIOeyZWho1/GAn0HvnfPsth7kWC+CYRPdvcxgz7R
	q4Kxu3n614JeOe4sVGmgVIUAGNZKkx5oBBAqcR+gmHWno0OfX8cjZD56Qv52kUx0C63NLZ
	sYH46qKJeRqXFoWSM8HyDJ9yG8pdp/XHBJdR4HPARA/UofttQsKwMECEx9zHTaoInxkAAb
	1HtPii/I7XvLjElIah0GF4gu5EDw5/lxGJrLD4ky8236ziI4tjrk4/fWHs18Xg==
X-Migadu-Scanner: scn1.migadu.com
X-Migadu-Spam-Score: -3.75
Authentication-Results: aspmx1.migadu.com;
	dkim=pass header.d=lendvai.name header.s=protonmail3 header.b=J2Is0EN8;
	dmarc=none;
	spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"
X-Migadu-Queue-Id: 9CF4F40C5C
X-Spam-Score: -3.75
X-TUID: KYqiGAaD1Nxx

dear Guix,

i have a daemon that i (try to) run/start through Shepherd's fork+exec-comm=
and, with a specific user and group. i can start it up using su or sudo, bo=
th work:

$ sudo --user zigbee2mqtt bash -c "guix shell node gcc-toolchain make pytho=
n libuv -- bash -c 'cd /srv/zigbee2mqtt && npm start'"

# su zigbee2mqtt --command "guix shell node gcc-toolchain make python libuv=
 -- bash -c 'cd /srv/zigbee2mqtt && npm start'"

but through Shepherd the daemon fails while starting up due to a permission=
 denied error:

"Error: Permission denied, cannot open /dev/ttyUSB0"

$ ls -l /dev/ttyUSB0=20
crw-rw---- 1 root dialout 188, 0 Jun 28 21:04 /dev/ttyUSB0

i created a user for that daemon, and added dialout as a supplementary grou=
p:

(user-account
 (name "zigbee2mqtt")
 (comment "zigbee2mqtt service")
 (group "homeaut")
 (supplementary-groups '("dialout"))
 (system? #true))

(user-group
 (name "homeaut")
 (system? #true))

i start the service like this:

(simple-service
  'zigbee2mqtt
  shepherd-root-service-type
  (list
   (shepherd-service
    (requirement '(...))
    (provision '(...))
    (documentation "")
    (start
     #~(lambda _
         (let* ((cmd (list
                      "guix" "shell"
                      "node" "gcc-toolchain" "make" "python" "libuv"
                      "--"
                      "bash" "-c" "cd /srv/zigbee2mqtt && npm start")))
           (fork+exec-command
            cmd
            #:log-file "/var/log/zigbee2mqtt.log"
            #:user "zigbee2mqtt"
            #:group "homeaut")))))))

so, my question boils down to this:

what is different in the two environments? what am i missing?

PS: i have another daemon where i have a very similar issue, so it's probab=
ly not a daemon-specific issue.

PS2: i know that i should package zigbee2mqtt, but i'm taking this shortcut=
 because life is short.

--=20
=E2=80=A2 attila lendvai
=E2=80=A2 PGP: 963F 5D5F 45C7 DFCD 0A39
--
=E2=80=9CThe trouble is, you think you have time.=E2=80=9D
=09=E2=80=94 Siddhartha Gutama, aka Buddha (c. 5th century BC)