From unknown Sun Jun 22 11:34:42 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#41763 <41763@debbugs.gnu.org> To: bug#41763 <41763@debbugs.gnu.org> Subject: Status: services: opensmtpd: Fix the setgid problem for the smtpctl utility. Reply-To: bug#41763 <41763@debbugs.gnu.org> Date: Sun, 22 Jun 2025 18:34:42 +0000 retitle 41763 services: opensmtpd: Fix the setgid problem for the smtpctl u= tility. reassign 41763 guix-patches submitter 41763 maxim.cournoyer@gmail.com severity 41763 normal thanks From debbugs-submit-bounces@debbugs.gnu.org Mon Jun 08 13:46:51 2020 Received: (at submit) by debbugs.gnu.org; 8 Jun 2020 17:46:51 +0000 Received: from localhost ([127.0.0.1]:57847 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jiLrG-0000UI-QL for submit@debbugs.gnu.org; Mon, 08 Jun 2020 13:46:51 -0400 Received: from lists.gnu.org ([209.51.188.17]:49030) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jiLrE-0000UA-Ok for submit@debbugs.gnu.org; Mon, 08 Jun 2020 13:46:49 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:52868) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jiLrD-0000EI-Sa for guix-patches@gnu.org; Mon, 08 Jun 2020 13:46:48 -0400 Received: from mail-qk1-x734.google.com ([2607:f8b0:4864:20::734]:34520) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1jiLrB-0001uT-W3 for guix-patches@gnu.org; Mon, 08 Jun 2020 13:46:47 -0400 Received: by mail-qk1-x734.google.com with SMTP id f18so18144662qkh.1 for ; Mon, 08 Jun 2020 10:46:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version; bh=YXsJhIXSYJ+Rdp1JYxGf+ixFNFRfw1N4VxDDYTiXwCk=; b=Ojpye49MZXW2a6DcDHi+7z14Hvrhr7dlrTCafFVh1uOuaKHnXAuA40ulJaEEgAEouE isfnN5+r3TQKl5pp5TC06oc+EFHrkrjFvD/N5BI1i7GNyVLXjfHeE1NELy3auFOrdiTe DNE3aG/UILoNMlLKIEzC9iVCNXlEG8oyeDpXJ0NDk2VSDGx0keYFxEY9gyqWsj2/od4k /eZH7B40TK6IAqBKROn3hOEQ+r5p4rgG479bXWho7Ar/lCiE9cr1te3VWuXhDcz7Vymu zyarPo5gIO7KLWBtoimtT2lz5mryY4bm0nUD9IajqBvFkUh6C+Wp+Vb2AGCQEPS3T0fj abVw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version; bh=YXsJhIXSYJ+Rdp1JYxGf+ixFNFRfw1N4VxDDYTiXwCk=; b=XoQGYpTZzxSsaMH1q7a0UYqVgFD4tkSbezUcke/Z8jOvVQPhNqo5UAgnH2etH/o8xU 9DC3qp3ljZ75ptGcTcofb9W9QuQNSWbA1EH7B4Gy83B6eXgRi1pIAVyS0Uz6XHHGeWw0 QkrHbIZWABkaA68RcGChbgszfvs1C8sKh+O1LW9AZd1GH5C3sKFGzSbEYn1ksiDk8TXH T+RT6FUWkdFRx/IXVvNmywRuZUFhhJ2zQKY7fitNX/KpefT+6saYqxHB0vO+THq7IS7Q Fl7ntcRZeudyU4L4+0RyTSXgHWdyVb2fiPZK/NQuHK4iGl18b8S7ephfmiZouwP+Egm6 9AcQ== X-Gm-Message-State: AOAM532P/vXh/ThwNovF9GJtkvRO9aX0iM/jwulHtB5iBit4suSK3mSM xhTa04z2fkBY7l4FpRr2jW3u6drLIT0= X-Google-Smtp-Source: ABdhPJydwxHQHRTPZaqAuEJirGCBhW7dglmExIeCuMlFmwNZiy4aL/ZKkw2qWf9kzC53hnRYv+JKZg== X-Received: by 2002:a05:620a:8cd:: with SMTP id z13mr22168575qkz.54.1591638404324; Mon, 08 Jun 2020 10:46:44 -0700 (PDT) Received: from hurd (dsl-152-235.b2b2c.ca. [66.158.152.235]) by smtp.gmail.com with ESMTPSA id x36sm8037092qtd.97.2020.06.08.10.46.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Jun 2020 10:46:43 -0700 (PDT) From: maxim.cournoyer@gmail.com To: guix-patches Subject: services: opensmtpd: Fix the setgid problem for the smtpctl utility. Date: Mon, 08 Jun 2020 13:46:37 -0400 Message-ID: <87eeqpih6q.fsf@hurd.i-did-not-set--mail-host-address--so-tickle-me> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="==-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" Received-SPF: pass client-ip=2607:f8b0:4864:20::734; envelope-from=maxim.cournoyer@gmail.com; helo=mail-qk1-x734.google.com X-detected-operating-system: by eggs.gnu.org: No matching host in p0f cache. That's all we know. X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001 autolearn=_AUTOLEARN X-Spam_action: no action X-Spam-Score: 0.7 (/) X-Debbugs-Envelope-To: submit Cc: Christopher Baines X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) --==-=-= Content-Type: multipart/mixed; boundary="=-=-=" --=-=-= Content-Type: text/plain Hello! The following patches provide a mean to specify a user and group for a setuid program, and uses that to fix a setgid permission issue in the context of the opensmtpd service. Christopher, you should be able to leverage this new facility to configure the uid/gid of the sendmail program to that of the smtpq user, like this: --8<---------------cut here---------------start------------->8--- (operating-system) [...] (setuid-programs (cons (list (file-append sendmail "/usr/sbin/sendmail") "smtpq") %setuid-programs)) --8<---------------cut here---------------end--------------->8--- The smtpq user is created as part of the OpenSMTPD service definition. Thank you, --=-=-= Content-Type: text/x-patch; charset=utf-8 Content-Disposition: attachment; filename=0001-services-Allow-configuring-the-ownership-of-setuid-p.patch Content-Transfer-Encoding: quoted-printable From=20e1b8840da16fb531f6607892ebf08f2d5472b962 Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Sun, 7 Jun 2020 23:01:49 -0400 Subject: [PATCH 1/3] services: Allow configuring the ownership of setuid programs. Fixes . * gnu/build/activation.scm (activate-setuid-programs): Update doc. Allow a program entry to be a list that may include a user and a group. [make-setuid-program] New USER and GROUP keyword parameters. Move the error handling inside the MAKE-SETUID-PROGRAM helper procedure. * gnu/services.scm (setuid-program-service-type): Update doc. * doc/guix.texi (Setuid Programs): Update doc. =2D-- doc/guix.texi | 17 +++++++++++--- gnu/build/activation.scm | 48 +++++++++++++++++++++++++--------------- gnu/services.scm | 17 ++++++++++++-- 3 files changed, 59 insertions(+), 23 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 056bf011f6..83d7344bd8 100644 =2D-- a/doc/guix.texi +++ b/doc/guix.texi @@ -26429,14 +26429,25 @@ should be setuid root. =20 The @code{setuid-programs} field of an @code{operating-system} declaration contains a list of G-expressions denoting the names of =2Dprograms to be setuid-root (@pxref{Using the Configuration System}). =2DFor instance, the @command{passwd} program, which is part of the Shadow =2Dpackage, can be designated by this G-expression (@pxref{G-Expressions}): +programs to be setuid (@pxref{Using the Configuration System}). The +user and group ownership of the setuid program default to @code{root}, +but can be specified by declaring them along the file name of the +program. For instance, the @command{passwd} program, which is part of +the Shadow package, can be designated as a setuid-root porgram by this +G-expression (@pxref{G-Expressions}): =20 @example #~(string-append #$shadow "/bin/passwd") @end example =20 +As a second example, the @command{smtpctl} program, which is part of the +OpenSMTPD package, requires to have its group set to @samp{smtpq}. +This can be specified using: + +@example +(list (file-append opensmtpd "/bin/smtpctl") "smtpq" "smtpq") +@end example + A default set of setuid programs is defined by the @code{%setuid-programs} variable of the @code{(gnu system)} module. =20 diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm index 30f5e87d5a..6be3664d44 100644 =2D-- a/gnu/build/activation.scm +++ b/gnu/build/activation.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright =C2=A9 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovi= c Court=C3=A8s ;;; Copyright =C2=A9 2015 Mark H Weaver +;;; Copyright =C2=A9 2020 Maxim Cournoyer ;;; ;;; This file is part of GNU Guix. ;;; @@ -227,14 +228,28 @@ they already exist." "/run/setuid-programs") =20 (define (activate-setuid-programs programs) =2D "Turn PROGRAMS, a list of file names, into setuid programs stored under =2D%SETUID-DIRECTORY." =2D (define (make-setuid-program prog) + "Turn PROGRAMS, a list of file names and/or of nested lists composed of a +file name, a user and a group, into setuid programs stored under +%SETUID-DIRECTORY. The user and group default to \"root\" and affect the +ownership of the associated file name." + (define* (make-setuid-program prog #:key (user "root") (group user)) (let ((target (string-append %setuid-directory "/" (basename prog)))) =2D (copy-file prog target) =2D (chown target 0 0) =2D (chmod target #o6555))) + (catch 'system-error + (lambda () + (let ((uid (passwd:uid (getpwnam user))) + (gid (group:gid (getgrnam group)))) + (copy-file prog target) + (chown target uid gid) + (chmod target #o6555))) + (lambda args + ;; If we fail to create a setuid program, better keep going + ;; so that we don't leave %SETUID-DIRECTORY empty or + ;; half-populated. This can happen if PROGRAMS contains + ;; incorrect file names: . + (format (current-error-port) + "warning: failed to make '~a' setuid (~a:~a): ~a~%" + prog user group (strerror (system-error-errno args))))))) =20 (format #t "setting up setuid programs in '~a'...~%" %setuid-directory) @@ -247,18 +262,15 @@ they already exist." string. =2D (format (current-error-port) =2D "warning: failed to make '~a' setuid-root: ~a~= %" =2D program (strerror (system-error-errno args))))= )) + (for-each (match-lambda + ((program user group) + (make-setuid-program program #:user user #:group group)) + ((program user) + (make-setuid-program program #:user user)) + ((program) + (make-setuid-program program)) + (program + (make-setuid-program program))) programs)) =20 (define (activate-special-files special-files) diff --git a/gnu/services.scm b/gnu/services.scm index 2e4648bf78..19a1c38ceb 100644 =2D-- a/gnu/services.scm +++ b/gnu/services.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright =C2=A9 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Court=C3= =A8s ;;; Copyright =C2=A9 2016 Chris Marusich +;;; Copyright =C2=A9 2020 Maxim Cournoyer ;;; ;;; This file is part of GNU Guix. ;;; @@ -681,12 +682,24 @@ FILES must be a list of name/file-like object pairs." (list (service-extension activation-service-type (lambda (programs) #~(activate-setuid-programs =2D (list #$@programs)))))) + (quote (#$@programs))))))) (compose concatenate) (extend append) (description "Populate @file{/run/setuid-programs} with the specified =2Dexecutables, making them setuid-root."))) +executables, making them setuid. The PROGRAMS entries extending the +setuid-program-service-type is a list of file-like objects. Alternatively= to +file-like objects, nested lists containing a file-like object, a user and a +group can be used to control the ownership of the associated file. + +Example: + +(list (file-append shadow \"/bin/passwd\") + (list (file-append opensmtpd \"/bin/smtpctl\") \"root\" \"smtpq\")) + +The @command{passwd} program has both its user and group set to the +default \"root\" while the @command{smtpctl} program has its user set to +\"root\" and its group set to \"smtpq\"."))) =20 (define (packages->profile-entry packages) "Return a system entry for the profile containing PACKAGES." =2D-=20 2.26.2 --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0002-services-opensmtpd-Remove-unused-binding.patch Content-Transfer-Encoding: quoted-printable From=2001c1ab83bf6f5a8158a993de2fa0048f6d172a73 Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Sun, 7 Jun 2020 23:49:25 -0400 Subject: [PATCH 2/3] services: opensmtpd: Remove unused binding. * gnu/services/mail.scm (opensmtpd-activation): Remove unused SMTPD variable binding. =2D-- gnu/services/mail.scm | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm index cfcaf4601b..7c49d99e9f 100644 =2D-- a/gnu/services/mail.scm +++ b/gnu/services/mail.scm @@ -1665,15 +1665,14 @@ match from local for any action outbound (define opensmtpd-activation (match-lambda (($ package config-file) =2D (let ((smtpd (file-append package "/sbin/smtpd"))) =2D #~(begin =2D (use-modules (guix build utils)) =2D ;; Create mbox and spool directories. =2D (mkdir-p "/var/mail") =2D (mkdir-p "/var/spool/smtpd") =2D (chmod "/var/spool/smtpd" #o711) =2D (mkdir-p "/var/spool/mail") =2D (chmod "/var/spool/mail" #o711)))))) + #~(begin + (use-modules (guix build utils)) + ;; Create mbox and spool directories. + (mkdir-p "/var/mail") + (mkdir-p "/var/spool/smtpd") + (chmod "/var/spool/smtpd" #o711) + (mkdir-p "/var/spool/mail") + (chmod "/var/spool/mail" #o711))))) =20 (define %opensmtpd-pam-services (list (unix-pam-service "smtpd"))) =2D-=20 2.26.2 --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0003-services-opensmtpd-Fix-the-setgid-problem-for-the-sm.patch Content-Transfer-Encoding: quoted-printable From=2052a1a031e6a7c0196cf17d0bd32061d02b453df8 Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Sun, 7 Jun 2020 23:52:00 -0400 Subject: [PATCH 3/3] services: opensmtpd: Fix the setgid problem for the smtpctl utility. The utility was complaining that it wasn't setgid to the group ID of the "smtpq" group. * gnu/services/mail.scm (opensmtpd-service-type): Extend the setuid-program-service-type with the smtpctl program. =2D-- gnu/services/mail.scm | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm index 7c49d99e9f..96efbd951d 100644 =2D-- a/gnu/services/mail.scm +++ b/gnu/services/mail.scm @@ -1662,6 +1662,11 @@ match from local for any action outbound (home-directory "/var/empty") (shell (file-append shadow "/sbin/nologin"))))) =20 +(define (opensmtpd-setuid-programs opensmtpd-configuration) + (let ((smtpctl (file-append (opensmtpd-configuration-package + opensmtpd-configuration) "/sbin/smtpctl"))) + (list (list smtpctl "smtpq")))) + (define opensmtpd-activation (match-lambda (($ package config-file) @@ -1683,6 +1688,8 @@ match from local for any action outbound (extensions (list (service-extension account-service-type (const %opensmtpd-accounts)) + (service-extension setuid-program-service-type + opensmtpd-setuid-programs) (service-extension activation-service-type opensmtpd-activation) (service-extension pam-root-service-type =2D-=20 2.26.2 --=-=-= Content-Type: text/plain Maxim --=-=-=-- --==-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEJ9WGpPiQCFQyn/CfEmDkZILmNWIFAl7eeX0ACgkQEmDkZILm NWJXDg/+JGbUaMn8GMdk4Ek1ZJSsZusQWvzXR+ie82wLZ51LtpuAmNmtFeYiODe7 UYMVZGXTLhRqhwxdEoQUE6+i1H1Y3qj9D8nl6223/ZU63czuFb7JiQ6QmeU6KGao Un/yVZyERznxeUUvqZQlH3oPLQglvc1K2w+zcAhdcCf2GJjJjkGoOrvI5hQ/sueh /E8GG71FqGPMT3MRaHc7G4T1GDAXFlHK9YmLwFzRLPnEAQMVlMidw8EgKd7g1ZWT tE+1iQbyrNpodDHUDTotWUtFxKmyFovm3ct3K3xFs3Ao6EwVZfJqNvNJlx7O6IiH Nat8Z5H0zZ6MwCiEJToetZfNSG+rRX0jpGwDRDBx6hwXxCEslHUGbyBGyZlQQuji PYYpqWzQYAzpv8ijnsIYYFoowopABGfvZlWTtXBgLyNETgli1pQTxT5H/a8Tkm7t ySDI9+2nPnJilirnTUFynspUWL0oYzJExi5ZLnt1yNU9mwmFTKecM2mx5q6wjXBY erTN+2JwfW7X2Nrb8JNJKHoDBUJpGmj8lvIZoTcB4B46vkDzCcC497fpFaGAuh3f kO6TC+NABNncXRGTsaf5rIS7HwIFBZkfmrNTaEX4AwFzzo8D7RZ3q8kW/m9LgEzR zvyW3CVQBoKiqyoPoxTum0Bsw7FG8YrhWoj7ECdQwzHY7qj5OJs= =FFdP -----END PGP SIGNATURE----- --==-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Thu Jun 11 15:20:16 2020 Received: (at 41763) by debbugs.gnu.org; 11 Jun 2020 19:20:16 +0000 Received: from localhost ([127.0.0.1]:38087 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jjSkJ-0005Rn-Pv for submit@debbugs.gnu.org; Thu, 11 Jun 2020 15:20:15 -0400 Received: from mira.cbaines.net ([212.71.252.8]:59992) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jjSkH-0005Re-FK for 41763@debbugs.gnu.org; Thu, 11 Jun 2020 15:20:14 -0400 Received: from localhost (unknown [46.237.175.96]) by mira.cbaines.net (Postfix) with ESMTPSA id 1FBCF27BBE1; Thu, 11 Jun 2020 20:20:12 +0100 (BST) Received: from localhost (localhost [local]) by localhost (OpenSMTPD) with ESMTPA id a7c50112; Thu, 11 Jun 2020 19:20:08 +0000 (UTC) References: <87eeqpih6q.fsf@hurd.i-did-not-set--mail-host-address--so-tickle-me> User-agent: mu4e 1.2.0; emacs 26.3 From: Christopher Baines To: maxim.cournoyer@gmail.com Subject: Re: services: opensmtpd: Fix the setgid problem for the smtpctl utility. In-reply-to: <87eeqpih6q.fsf@hurd.i-did-not-set--mail-host-address--so-tickle-me> Date: Thu, 11 Jun 2020 20:20:06 +0100 Message-ID: <87v9jx8l5l.fsf@cbaines.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 41763 Cc: 41763@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain maxim.cournoyer@gmail.com writes: > The following patches provide a mean to specify a user and group for a > setuid program, and uses that to fix a setgid permission issue in the > context of the opensmtpd service. > > Christopher, you should be able to leverage this new facility to > configure the uid/gid of the sendmail program to that of the smtpq user, > like this: > > --8<---------------cut here---------------start------------->8--- > (operating-system) > [...] > (setuid-programs (cons (list (file-append sendmail "/usr/sbin/sendmail") "smtpq") > %setuid-programs)) > --8<---------------cut here---------------end--------------->8--- > > The smtpq user is created as part of the OpenSMTPD service definition. > > Thank you, > > > Maxim Well, thank you for looking in to this Maxim. I've had a brief look through the patches, although I don't know enough about this area to comment properly on them. I wonder if it's worth using a record type to make it possible to pass the user and group values to the service. That would probably result in more readable configuration than just using a list of varying length. Specifically on the diff: - (list #$@programs)))))) + (quote (#$@programs))))))) This change here will mean that you can't pass some values in, as they won't be evaluated. #~(string-append sendmail "/usr/sbin/sendmail") would no longer work for example. Thanks again, Chris --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEPonu50WOcg2XVOCyXiijOwuE9XcFAl7ig+ZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcACgkQXiijOwuE 9XfQ5w//TdCjyIV7Il7qPxVxVkms4DPVxiCBM7owp8+Pd7alvSs1RucW/ItAJFGJ cqiOpK52A9TOQ6Nn5RgWvKR9F4LVQ/kg8kLEWsTtjAetoQU5fv5MnraN8q7Jkeej PZtFj1h5HoBbVVxPSNcMVsX/l2WwrLZ0GzdNDYTH5PPovlMFSL1Vr1CEe8mvDAnL LJ8znjXz149b9DS+aqWx+SOFyR3e+6cNdyfVIe0tFlum+QjIUXt+9iCr1RVc2WJB QKPPCabnzyVuSz8p7pQHoUlxgO+9hDmoZKPVeZQ4NuzBLqZ4Jqzyc+2ydg8nKcBJ 58GcTmZUrd/QmSpzZpJWw6ljhhY0iapGeVKI+x+sHrXIepVLw3Vh50exOCvSYMit HBJ7C4qRFmQZ/I+9CuyHHdCJGWftre0s0nQf8jaEkRoFeuI2uOqQKP3O2TsQKlRN j1wZy8zRxT1XIITtyl8r7s3/LANUCj6PSXvOrKAeWuBT8CuHxXjekywuIHw1fU2X Xp8SVuC8hVsoFisR6N+zJrg7EkPolyQsjw5a3TIxW1/aVuMXvro8ptVsika6bExJ j/vGYHT7jtmdQoKNNTPfkPYyvPnSAFjUx/V273uaH1Z802Bm398qqwVEwr8V9Qf4 9JOCiJ48svqO5zrrjJuoajLjo7/v/X1bdUNL8C0qg5B8YweeEY8= =5aP7 -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Mon Jun 15 11:12:56 2020 Received: (at 41763) by debbugs.gnu.org; 15 Jun 2020 15:12:56 +0000 Received: from localhost ([127.0.0.1]:47175 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jkqn9-0007Nq-TZ for submit@debbugs.gnu.org; Mon, 15 Jun 2020 11:12:56 -0400 Received: from relay2-d.mail.gandi.net ([217.70.183.194]:65471) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1jkqn8-0007Nc-63 for 41763@debbugs.gnu.org; Mon, 15 Jun 2020 11:12:55 -0400 X-Originating-IP: 78.237.113.178 Received: from localhost (luy13-1-78-237-113-178.fbx.proxad.net [78.237.113.178]) (Authenticated sender: brice@waegenei.re) by relay2-d.mail.gandi.net (Postfix) with ESMTPSA id E9EA140008; Mon, 15 Jun 2020 15:12:46 +0000 (UTC) From: Brice Waegeneire To: maxim.cournoyer@gmail.com Subject: Re: [bug#41763] services: opensmtpd: Fix the setgid problem for the smtpctl utility. In-Reply-To: <87eeqpih6q.fsf@hurd.i-did-not-set--mail-host-address--so-tickle-me> (maxim cournoyer's message of "Mon, 08 Jun 2020 13:46:37 -0400") References: <87eeqpih6q.fsf@hurd.i-did-not-set--mail-host-address--so-tickle-me> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.91 (gnu/linux) Date: Mon, 15 Jun 2020 17:12:40 +0200 Message-ID: <87d060747r.fsf@waegenei.re> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 41763 Cc: Christopher Baines , 41763@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) Hello Maxim, Thank you for the patchset! maxim.cournoyer@gmail.com writes: > The following patches provide a mean to specify a user and group for a > setuid program, and uses that to fix a setgid permission issue in the > context of the opensmtpd service. I applied it to try to use wireshark as non-root[0]: --8<---------------cut here---------------start------------->8--- (simple-service 'wireshark-group account-service-type (list (user-group (name "wireshark") (system? #t)))) (simple-service 'wireshark-dumpcap setuid-program-service-type (list (list (file-append wireshark "/bin/dumpcap") "root" "wireshark"))) --8<---------------cut here---------------end--------------->8--- And unfortunately the first run of =E2=80=9Cguix reconfigure=E2=80=9C faile= d to make =E2=80=9Cdumpcap=E2=80=9C as a setuid, but subsequent run succeeded: --8<---------------cut here---------------start------------->8--- [=E2=80=A6] setting up setuid programs in '/run/setuid-programs'... warning: failed to make '/gnu/store/vdlk9rli5k5svy8p7bhf90ln03ybnxgj-wiresh= ark-3.2.4/bin/dumpcap' setuid (root:wireshark): Success populating /etc from /gnu/store/hxjyvg80zjaxfynjyk3jgqsn9249azmx-etc... [=E2=80=A6] --8<---------------cut here---------------end--------------->8--- I guess it's because at first there wasn't a wireshark group on my system, adding the group and the setuid program was done in the same run, but =E2=80=9Csetting up setuid programs=E2=80=9D is done before =E2=80= =9Cpopulating /etc=E2=80=9D (comprising /etc/passwd) which in effect ended up trying to setuid =E2=80=9Cdumpcap=E2=80=9C before the =E2=80=9Cwireshark=E2=80=9C group exis= ts. And subsequent runs succeeded creating a setuid =E2=80=9Cdumpcap=E2=80=9D because the new group= was already on the system, it was created during the first run. Populating /etc before setting up /run/setuid-programs should fix that issue but maybe there is reason behind the current order of execution. > Christopher, you should be able to leverage this new facility to > configure the uid/gid of the sendmail program to that of the smtpq user, > like this: > > (operating-system) > [...] > (setuid-programs (cons (list (file-append sendmail "/usr/sbin/sendmail"= ) "smtpq") > %setuid-programs)) > Aside from that I wonder if specifying user and group in a list is future proof, maybe using a record would be more Guixy. In particular I would like to be able to set capabilities (as with =E2=80=9Csetcap=E2=80=9C= ) on binaries since the store don't support it[1]; if that's even possible but it's an other issue. [0]: https://wiki.wireshark.org/CaptureSetup/CapturePrivileges#Most_UNIXes [1]: https://lists.gnu.org/archive/html/help-guix/2016-11/msg00046.html - Brice From debbugs-submit-bounces@debbugs.gnu.org Sun Jul 05 07:47:19 2020 Received: (at control) by debbugs.gnu.org; 5 Jul 2020 11:47:19 +0000 Received: from localhost ([127.0.0.1]:60154 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1js378-0006mp-Tr for submit@debbugs.gnu.org; Sun, 05 Jul 2020 07:47:19 -0400 Received: from relay12.mail.gandi.net ([217.70.178.232]:46233) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1js375-0006mZ-D8 for control@debbugs.gnu.org; Sun, 05 Jul 2020 07:47:17 -0400 Received: from webmail.gandi.net (webmail19.sd4.0x35.net [10.200.201.19]) (Authenticated sender: brice@waegenei.re) by relay12.mail.gandi.net (Postfix) with ESMTPA id BBFDD200003 for ; Sun, 5 Jul 2020 11:47:08 +0000 (UTC) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Sun, 05 Jul 2020 11:47:08 +0000 From: Brice Waegeneire To: control@debbugs.gnu.org Subject: Block #41874 Message-ID: <9667f027e8609b9f83d0d2a6773bb8de@waegenei.re> X-Sender: brice@waegenei.re User-Agent: Roundcube Webmail/1.3.13 X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) block 41874 with 41763 From debbugs-submit-bounces@debbugs.gnu.org Sun Jan 03 09:14:34 2021 Received: (at 41763) by debbugs.gnu.org; 3 Jan 2021 14:14:34 +0000 Received: from localhost ([127.0.0.1]:37225 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kw49S-0002RH-75 for submit@debbugs.gnu.org; Sun, 03 Jan 2021 09:14:34 -0500 Received: from mout.web.de ([212.227.15.4]:54553) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kw49Q-0002R3-LT for 41763@debbugs.gnu.org; Sun, 03 Jan 2021 09:14:33 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=web.de; s=dbaedf251592; t=1609683266; bh=e0sKtqQG+vig3NLKRumUM9smEu+228+6I0Zu+3tIYeM=; h=X-UI-Sender-Class:To:Subject:From:Date; b=CfW0SDXipU2eK8Zh2ZuCOOiYjQvK5A5Xs3pZrd7ktE4L7TgBAPNmbdB2ujFtlkmxZ 842XSjMzO6jXbXsJ2PrDsoSvawi/6xNzlNWbRzRY/jWKEzX+TqkHg7YQ0gOijT5Sj7 nLcQgellKV8a00AmBJw4Rpp73QF2FhuzX6g+rCEY= X-UI-Sender-Class: c548c8c5-30a9-4db5-a2e7-cb6cb037b8f9 Received: from [192.168.178.74] ([5.146.192.224]) by smtp.web.de (mrweb002 [213.165.67.108]) with ESMTPSA (Nemesis) id 0ML8Az-1kvn2B1fxR-000PZ5 for <41763@debbugs.gnu.org>; Sun, 03 Jan 2021 15:14:26 +0100 To: 41763@debbugs.gnu.org Subject: services: opensmtpd: Fix the setgid problem for the smtpctl utility. From: Jonathan Brielmaier Message-ID: <5aa8fff2-b4e6-8cba-e396-cd5c7a144fbc@web.de> Date: Sun, 3 Jan 2021 15:14:25 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Icedove/78.6.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: de-DE Content-Transfer-Encoding: 7bit X-Provags-ID: V03:K1:lE5/Irpg+siGWozJIqdpLcGkweNVb3JKsvUzTb+VlBn7RdTwdb0 bUqumw97t6Bi43/of8tmLle4kMMseWNXBYUO/4rtg3odFsLyUz7U5SeB2Y7zY2FOQkjeK2I zDYR5t3E55HAW/rjcdwXlGKLrwUuIZIYieJ3IT527qW6I2RTk+8djsYlrRJbutZCnW1QKAf zp55gaP4M3WX5B7sWzH4g== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:/dPGxw+lHdo=:385qEgv22+/sflZOM0M4uy +9+OXye9mtTixx/o84HmhE2rw7x6hkXdyEeeSmL7PKXgwBB4cs/G4+0o2l0kjslLrrB1NrXLf ly4sGu+dXATnB8XeThbVApcgZdRme+1jZBzjtL4mgpxxFicUiwaziAwr87Lno8k73ERnwX8TV XuY6lVeUH2eiXLrn305RJx/NRbXEwRh2Rou6apYROXKfTmlZhBIHtM8mLp+Otc7fHn+D0TqGq 1ECwYb5psHOWXq3SAt1irP6zNyedvwIE5blG/TvbHsQdja14hC6pPQ7ob5dyZJY0ptJlS6CfW garT98l7qiHLPczWyxVjX24zQXiwAfCuViG2A6XXMzBq4+11yjb8aed02/Sc5yoDgoCB5DROU m3YmVawpc6dfgq0PpP5OfKb9IASB4Hjr852OOjdIrxCX1RFo9F+KGYxGTS7sw6svEGv6bSpjj wabANrCmcfB35BF4zUCxECjZAeKbH05mvkFWqXMhUl8XHqShqz6lvbScm13iGdY+0eecWJUG3 IWETEblgEyAJOXvV2p/ehhW0igNw2W+6W08xViq24EMMOTZWmeVE+gEo+CCNH5bjhCkdzE72D BPW4GwHv2WTzUjnk0wgP75JGDp6r1IGNUjzVP3mwHr6VgXONmAoY1Swibb8YWuwDxyWbav2v/ wUVrF7spg0e1TLdwBZiGULP86TxyhpUvKooi6D2bSe1iO4hJkCaO2uJF6QZfHaKOka4gTZ3oL UzALQ7RIa++Uuss1glQ5V0lWSV2JNGzGqYdBtyh+nR7f9nwvEkIW7Ew+FPeKrzeDqeV7P2+bI nOJu0G5AP8hNgUL/j3oxZGrc6r+5+eDCmBU64lCoaH3RUIhmz86xz9FbZydU+BVMO4czKojDM EiQSnFS/4xF+yGHIXHpucE2TAaDVePuTrCuhvh22A= X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 41763 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) It's http://issues.guix.gnu.org/41763. What does us block from merging this? It hits me hard when using OpenSMTPD. From debbugs-submit-bounces@debbugs.gnu.org Sun Jan 03 09:50:02 2021 Received: (at 41763) by debbugs.gnu.org; 3 Jan 2021 14:50:03 +0000 Received: from localhost ([127.0.0.1]:37308 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kw4hm-0003Jo-AQ for submit@debbugs.gnu.org; Sun, 03 Jan 2021 09:50:02 -0500 Received: from tobias.gr ([80.241.217.52]:33094) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kw4hk-0003JP-JR for 41763@debbugs.gnu.org; Sun, 03 Jan 2021 09:50:01 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tobias.gr; s=2018; bh=BHO1/UAdYN2AcJ6/K8nE8/DovGiRyzDmkIqauj999pM=; h=date:in-reply-to: references:subject:cc:to:from; b=N5XUPh1Glp+sbu/eXSd+fX33YueWquuldTBhp qMqLHEJQ5W8k6dxUUjhGemLZBWNkohwq5tFrZiK9XDhihZodLKZ/I19oZiqoVdXtXHQwR5 BjFkDpTu2qb+9dPVQ4g9IhEilt+redzXunTrRUGTzF8osUc9EphgMCD85eQtylvL0DWVos R5PJ0uPIicKoh15Fpn5PSBxICMcC8Ut52Zaar2CFznXI6iBxKO1k3dCGjMPo9CaPqzFYfU mdkysnyy299PUSCVOin+Jzlad5RiXCaYF6Hn4azDzoU9Dl+6jRzNqyhrDKJAOWKRT5bdJo NmB2RcVgAO1gFCWJeVde5sRZw== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 146cd13d (TLSv1.2:ECDHE-ECDSA-AES256-GCM-SHA384:256:NO); Sun, 3 Jan 2021 14:50:26 +0000 (UTC) BIMI-Selector: v=BIMI1; s=default; From: Tobias Geerinckx-Rice To: Jonathan Brielmaier , Maxim Cournoyer Subject: Re: [bug#41763] services: opensmtpd: Fix the setgid problem for the smtpctl utility. References: <87eeqpih6q.fsf@hurd.i-did-not-set--mail-host-address--so-tickle-me> <5aa8fff2-b4e6-8cba-e396-cd5c7a144fbc@web.de> In-reply-to: <5aa8fff2-b4e6-8cba-e396-cd5c7a144fbc@web.de> Date: Sun, 03 Jan 2021 15:49:57 +0100 Message-ID: <87lfda5b3e.fsf@nckx> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 41763 Cc: 41763@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) --=-=-= Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable Jonathan Brielmaier =E5=86=99=E9=81=93=EF=BC=9A > What does us block from merging this? Reading [0], Chris & Brice bring up two good points that I don't=20 see addressed: using a record instead of a list & not breaking=20 gexps, although fixing one would probably moot the other. Kind regards, T G-R [0]: http://issues.guix.gnu.org/41763 --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iIMEARYKACsWIQT12iAyS4c9C3o4dnINsP+IT1VteQUCX/HZlQ0cbWVAdG9iaWFz LmdyAAoJEA2w/4hPVW15NHIBAKrJR1+Baz9JB8K2wvHNLBnwHH1XIuMG//rWiOZa 3OuVAP9CsnxR5Ta1t19pyjXrdhMzidBhPea8LdaoaNB5SF+PAA== =LZhz -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Fri Jul 16 00:24:41 2021 Received: (at 41763-done) by debbugs.gnu.org; 16 Jul 2021 04:24:41 +0000 Received: from localhost ([127.0.0.1]:50266 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1m4FOy-0001Yy-Vw for submit@debbugs.gnu.org; Fri, 16 Jul 2021 00:24:41 -0400 Received: from mail-qt1-f176.google.com ([209.85.160.176]:43726) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1m4FOv-0001Yj-2L for 41763-done@debbugs.gnu.org; Fri, 16 Jul 2021 00:24:39 -0400 Received: by mail-qt1-f176.google.com with SMTP id c13so3583333qtc.10 for <41763-done@debbugs.gnu.org>; Thu, 15 Jul 2021 21:24:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version:content-transfer-encoding; bh=qGG3JIZ7L88d5LIzkG30NRCW/2SrAFXTccx9OYm0xWw=; b=DJYAxK9mcdG34CA2oIn+0zxnfITOpFB7Iwm9QPJS8hcICD9D5KQEO4up6GDtSKgh6S m9qEQSKOEBcjHf8A/nighetLU0v54Db4Wx7Udh7L7BmvAk3+CJaf1eyxZ7ZCdCNfGqdV GSUv2+YzvuUqaABNfCyynPTrmRma3Pz0ZPBvQmw7E0OaCXZFboLYeGMLT52xio7nJOa/ +jsjVZQ1Gi0TTiuJPlf8rYznLGaJwxrepFHtAKprWAqcFJQaoUtdpZ+E1QxcdTOnNu1g VVLkNQ7eMUiAQzCM1JN42cp6d05weIgj/oDMMbPA1SvXDhrZUocXker/iXti3+a9TSmV plmQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to :message-id:user-agent:mime-version:content-transfer-encoding; bh=qGG3JIZ7L88d5LIzkG30NRCW/2SrAFXTccx9OYm0xWw=; b=EkmiKcc0keQvl8wb09BmS3yQVu5wGvFgRY76anj/TVDr1ZBqDuF/pCsNHkNCACBv/1 xZR1UgMxikSeu5nsWvH9SezrummicmuYKFKa+SrbFYo6ZtiGbzb+UstRi7vwvtbeRP+T +slFunV2/1DRx1Mz3a+uVBvYgGkr+Ir6AE2zE+4RPk6VtlC2NuQc1fp56MmWls2wAe0d uvLEhaDmYP4up+Ni5m12L/xHv4pNJsDKxMA/paiUe4YPbyocVCG4WUk7+/+KJrONZVXx 19HKvOfTnwO0gEyPugZ+gGDGoOt3INMp/cWLQToBQWC41RdX6/SfZUo9KAKkvgJVLVxX Jq3A== X-Gm-Message-State: AOAM531a/Tn08pUwatuiXwXXqwHl5ldK7NLDdp056EWqiDS3j4qV+rFB x8KHWhGq1zZ7AWgNbHfvXzsFLUbEUPp78y/7 X-Google-Smtp-Source: ABdhPJzzg+uy0jBqxoP0W4xTO7h6xWcQmb38odEblOrroUSrt+Q0n7wDY2s/dpBM6g7MgIPB9gx7SQ== X-Received: by 2002:ac8:59c5:: with SMTP id f5mr7133965qtf.50.1626409471486; Thu, 15 Jul 2021 21:24:31 -0700 (PDT) Received: from hurd (dsl-159-138.b2b2c.ca. [66.158.159.138]) by smtp.gmail.com with ESMTPSA id g76sm3394037qke.127.2021.07.15.21.24.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 15 Jul 2021 21:24:31 -0700 (PDT) From: Maxim Cournoyer To: Tobias Geerinckx-Rice Subject: Re: bug#41763: services: opensmtpd: Fix the setgid problem for the smtpctl utility. References: <87eeqpih6q.fsf@hurd.i-did-not-set--mail-host-address--so-tickle-me> <5aa8fff2-b4e6-8cba-e396-cd5c7a144fbc@web.de> <87lfda5b3e.fsf@nckx> Date: Fri, 16 Jul 2021 00:24:30 -0400 In-Reply-To: <87lfda5b3e.fsf@nckx> (Tobias Geerinckx-Rice's message of "Sun, 03 Jan 2021 15:49:57 +0100") Message-ID: <874kcunawx.fsf_-_@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 41763-done Cc: 41763-done@debbugs.gnu.org, Jonathan Brielmaier X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hello, Tobias Geerinckx-Rice writes: > Jonathan Brielmaier =E5=86=99=E9=81=93=EF=BC=9A >> What does us block from merging this? > > Reading [0], Chris & Brice bring up two good points that I don't see > addressed: using a record instead of a list & not breaking gexps, > although fixing one would probably moot the other. > > Kind regards, > > T G-R > > [0]: http://issues.guix.gnu.org/41763 Closing in favor of https://issues.guix.gnu.org/44700. Thanks, Maxim From debbugs-submit-bounces@debbugs.gnu.org Fri Jul 16 01:37:48 2021 Received: (at 41763) by debbugs.gnu.org; 16 Jul 2021 05:37:48 +0000 Received: from localhost ([127.0.0.1]:50320 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1m4GXk-0003Vb-8m for submit@debbugs.gnu.org; Fri, 16 Jul 2021 01:37:48 -0400 Received: from tobias.gr ([80.241.217.52]:50306) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1m4GXh-0003VR-N6 for 41763@debbugs.gnu.org; Fri, 16 Jul 2021 01:37:47 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=18S4vMRytFbTZ 0PZa1HafgwOWMqHWJ3yHX4vqBgtOmU=; h=references:in-reply-to:subject:to: from:date; d=tobias.gr; b=my2fSgsbJRfQfIsYdihwtmRUzt7c+sAkcOdtoQ+vCzWg 0ID26VM99TlnZBAkVZUsl99NxVeVPd7ab/7c28dXzrLJlw7H2Pk3bkqyyHZI20qxGK4ZSy 2JzebMoLmnmVDa/INy1kTB8t14bEwfSJKwQjiH9tpuAclxMLCcrBptCFVKSDAt0EO58SL5 oY3N9aA+DZmpUDuKk50J78VZT71Kx6P/pjHLs6tTndfQnfTzDV5ZDthF2Bopyn4s1YSsEl j0gsJj9fg9EckqpM0xwynBDuK9d2biBilGXRhyLeAPHKewKby8/znco9vKobxSm7HzYht4 rNCOqCwm9fI8WSenig== Received: by submission.tobias.gr (OpenSMTPD) with ESMTP id 81fe9d00 for <41763@debbugs.gnu.org>; Fri, 16 Jul 2021 05:37:39 +0000 (UTC) MIME-Version: 1.0 Date: Fri, 16 Jul 2021 07:37:39 +0200 From: Tobias Geerinckx-Rice To: 41763@debbugs.gnu.org Subject: Re: bug#41763: services: opensmtpd: Fix the setgid problem for the smtpctl utility. In-Reply-To: <72969b174e0439d4add1191861cb6fb7@tobias.gr> References: <87eeqpih6q.fsf@hurd.i-did-not-set--mail-host-address--so-tickle-me> <5aa8fff2-b4e6-8cba-e396-cd5c7a144fbc@web.de> <87lfda5b3e.fsf@nckx> <874kcunawx.fsf_-_@gmail.com> <72969b174e0439d4add1191861cb6fb7@tobias.gr> Message-ID: Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 41763 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) > Closing in favor of https://issues.guix.gnu.org/44700. Yes please. Thanks. T G-R Sent from a Web browser. Excuse or enjoy my brevity. From unknown Sun Jun 22 11:34:42 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Fri, 13 Aug 2021 11:24:08 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator