From unknown Sat Jun 21 10:39:41 2025
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
Content-Type: text/plain; charset=utf-8
From: bug#56756 <56756@debbugs.gnu.org>
To: bug#56756 <56756@debbugs.gnu.org>
Subject: Status: [PATCH] gnu: services: Add optional fix for opensmtpd
 executables group
Reply-To: bug#56756 <56756@debbugs.gnu.org>
Date: Sat, 21 Jun 2025 17:39:41 +0000

retitle 56756 [PATCH] gnu: services: Add optional fix for opensmtpd executa=
bles group
reassign 56756 guix-patches
submitter 56756 Maya <maya.omase@protonmail.com>
severity 56756 normal
tag 56756 patch

thanks


From debbugs-submit-bounces@debbugs.gnu.org Mon Jul 25 05:02:39 2022
Received: (at submit) by debbugs.gnu.org; 25 Jul 2022 09:02:39 +0000
Received: from localhost ([127.0.0.1]:49235 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1oFtz4-0003qn-Fi
	for submit@debbugs.gnu.org; Mon, 25 Jul 2022 05:02:38 -0400
Received: from lists.gnu.org ([209.51.188.17]:47578)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maya.omase@protonmail.com>) id 1oFtz1-0003qe-9O
 for submit@debbugs.gnu.org; Mon, 25 Jul 2022 05:02:38 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:36554)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <maya.omase@protonmail.com>)
 id 1oFtz1-0006x7-4b
 for guix-patches@gnu.org; Mon, 25 Jul 2022 05:02:35 -0400
Received: from mail-0201.mail-europe.com ([51.77.79.158]:40579)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <maya.omase@protonmail.com>)
 id 1oFtyy-0007Q5-9h
 for guix-patches@gnu.org; Mon, 25 Jul 2022 05:02:34 -0400
Date: Mon, 25 Jul 2022 09:02:18 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;
 s=protonmail3; t=1658739746; x=1658998946;
 bh=GtxFmnpjzxIq3uNDZ36Fb75aZUmlbFyOdQp4/CT70UA=;
 h=Date:To:From:Reply-To:Subject:Message-ID:Feedback-ID:From:To:Cc:
 Date:Subject:Reply-To:Feedback-ID:Message-ID;
 b=nsRUKW7wYlUclaBVH5csjJko70U0ZYVHfeXJqi31Jr4DT7dbpABTqKhTbBZkqYIxN
 MTIPXNBx90Tvko4VZMz/2Xd44baDDqgTz6HfEvSacjJ9OXzrigAT6/otM7g5xVMdr+
 8PTACoAApVhMjtbGFEttvpb0QdITY3cta8P//duvG4nm+zVf6W61diyCvd27KbTMz8
 OmiAqd3vwJyAGDveY6gsFsdq+krMHthNZP0iwVQ+auLd6gXD5xGFmheKrQzPikXp+n
 tUqSAeK9HdXSREVIVYhkU3GyKn0GDDfM/RySDt6dMprPLvAX1wfkkEtN+IWtCcMQj5
 O/gJNv0KhQ+4g==
To: "guix-patches@gnu.org" <guix-patches@gnu.org>
From: Maya <maya.omase@protonmail.com>
Subject: [PATCH] gnu: services: Add optional fix for opensmtpd executables
 group
Message-ID: <j0Qv_BQl2vETNUUP9Zx8qNRW3AweMu0POQ56pxeJjmJiorsNkQyYIEN7a_XL7ZsF9TkT6wYLKPE1fLy4ohvnzz-7dDrmJIuwJzFysYtjIDI=@protonmail.com>
Feedback-ID: 44744921:user:proton
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass client-ip=51.77.79.158;
 envelope-from=maya.omase@protonmail.com; helo=mail-0201.mail-europe.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
 T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: 0.2 (/)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Reply-To: Maya <maya.omase@protonmail.com>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -2.3 (--)

This is a patch that fixes "<executable name>: this program must be setgid =
smtpq". As this cannot be done in the store during build, but the upstream =
opensmtpd requires to set the group of those executables.

---
 gnu/services/mail.scm | 67 +++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 65 insertions(+), 2 deletions(-)

diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm
index 10e6523861..803cdd77f2 100644
--- a/gnu/services/mail.scm
+++ b/gnu/services/mail.scm
@@ -30,6 +30,7 @@ (define-module (gnu services mail)
   #:use-module (gnu services shepherd)
   #:use-module (gnu system pam)
   #:use-module (gnu system shadow)
+  #:use-module (gnu system setuid)
   #:use-module (gnu packages mail)
   #:use-module (gnu packages admin)
   #:use-module (gnu packages dav)
@@ -1653,7 +1654,30 @@ (define-record-type* <opensmtpd-configuration>
   (package     opensmtpd-configuration-package
                (default opensmtpd))
   (config-file opensmtpd-configuration-config-file
-               (default %default-opensmtpd-config-file)))
+               (default %default-opensmtpd-config-file))
+  (set-gids? opensmtpd-set-gids? (default #t)
+             "Set group of:
+@itemize
+@item
+@command{smtpctl}
+
+@item
+@command{sendmail}
+
+@item
+@command{send-mail}
+
+@item
+@command{makemap}
+
+@item
+@command{mailq}
+
+@item
+@command{newaliases}
+@end itemize
+
+to @code{smtpq}, to allow them to be executed."))

 (define %default-opensmtpd-config-file
   (plain-file "smtpd.conf" "
@@ -1714,6 +1738,43 @@ (define opensmtpd-activation
 (define %opensmtpd-pam-services
   (list (unix-pam-service "smtpd")))

+(define opensmtpd-set-gids
+  (match-lambda
+    (($ <opensmtpd-configuration> package config-file set-gids?)
+     (if set-gids?
+         (list
+          (setuid-program
+           (program (file-append package "/sbin/smtpctl"))
+           (setuid? #false)
+           (setgid? #true)
+           (group "smtpq"))
+          (setuid-program
+           (program (file-append package "/sbin/sendmail"))
+           (setuid? #false)
+           (setgid? #true)
+           (group "smtpq"))
+          (setuid-program
+           (program (file-append package "/sbin/send-mail"))
+           (setuid? #false)
+           (setgid? #true)
+           (group "smtpq"))
+          (setuid-program
+           (program (file-append package "/sbin/makemap"))
+           (setuid? #false)
+           (setgid? #true)
+           (group "smtpq"))
+          (setuid-program
+           (program (file-append package "/sbin/mailq"))
+           (setuid? #false)
+           (setgid? #true)
+           (group "smtpq"))
+          (setuid-program
+           (program (file-append package "/sbin/newaliases"))
+           (setuid? #false)
+           (setgid? #true)
+           (group "smtpq")))
+         '()))))
+
 (define opensmtpd-service-type
   (service-type
    (name 'opensmtpd)
@@ -1727,7 +1788,9 @@ (define opensmtpd-service-type
           (service-extension profile-service-type
                              (compose list opensmtpd-configuration-package=
))
           (service-extension shepherd-root-service-type
-                             opensmtpd-shepherd-service)))
+                             opensmtpd-shepherd-service)
+          (service-extension setuid-program-service-type
+                             opensmtpd-set-gids)))
    (description "Run the OpenSMTPD, a lightweight @acronym{SMTP, Simple Ma=
il
 Transfer Protocol} server.")))

--
2.37.0




From debbugs-submit-bounces@debbugs.gnu.org Mon Aug 01 05:51:46 2022
Received: (at 56756-done) by debbugs.gnu.org; 1 Aug 2022 09:51:46 +0000
Received: from localhost ([127.0.0.1]:39349 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1oIS5R-00034M-Vc
	for submit@debbugs.gnu.org; Mon, 01 Aug 2022 05:51:46 -0400
Received: from eggs.gnu.org ([209.51.188.92]:60288)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1oIS5Q-000342-ED
 for 56756-done@debbugs.gnu.org; Mon, 01 Aug 2022 05:51:44 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:46052)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@gnu.org>)
 id 1oIS5J-0006Rv-OA; Mon, 01 Aug 2022 05:51:37 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To:
 From; bh=uY8LoHf/V0nwXvfwi0dPzpGLxDfGPr6KydCVrLoGyiE=; b=BuSS5IZ06LV6H518XOMG
 LbO6dUQGwgQ8qC4yu2NkfNfi+65k9Y9zrL/M77xMkQ2J2Eeizh6Sc6j797xCCC6enl+d8rCGqx9mD
 p+/oSj3r4wVirJQlQz3sAmIMVolPYCPFpSfF6wOgCt/S6GG7wc08aeQB2niZf72G2nJBPGwIY6Zpd
 mGbpsHA5W2xBpdjPnvF1DssksxdiL6uuXKvIhzIdQrU6iFxOWldbR/uxhvPd+RU+qTM8LQ0EgzLY5
 PJYJ1T1XeXs+erAIqRb2KoQmpKe1NFkEh8+RFyLlG2uCH0jwa1gQpb5BwYYpq3+dHplDeCeLc1g/X
 /bTJcZU8RsU9Bw==;
Received: from [193.50.110.235] (port=33600 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@gnu.org>)
 id 1oIS5I-0002na-Gp; Mon, 01 Aug 2022 05:51:37 -0400
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@gnu.org>
To: Maya <maya.omase@protonmail.com>
Subject: Re: bug#56756: [PATCH] gnu: services: Add optional fix for
 opensmtpd executables group
References: <j0Qv_BQl2vETNUUP9Zx8qNRW3AweMu0POQ56pxeJjmJiorsNkQyYIEN7a_XL7ZsF9TkT6wYLKPE1fLy4ohvnzz-7dDrmJIuwJzFysYtjIDI=@protonmail.com>
Date: Mon, 01 Aug 2022 11:51:33 +0200
In-Reply-To: <j0Qv_BQl2vETNUUP9Zx8qNRW3AweMu0POQ56pxeJjmJiorsNkQyYIEN7a_XL7ZsF9TkT6wYLKPE1fLy4ohvnzz-7dDrmJIuwJzFysYtjIDI=@protonmail.com>
 (Maya's message of "Mon, 25 Jul 2022 09:02:18 +0000")
Message-ID: <87wnbsz3yy.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 56756-done
Cc: 56756-done@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hi Maya,

Maya <maya.omase@protonmail.com> skribis:

> This is a patch that fixes "<executable name>: this program must be setgi=
d smtpq". As this cannot be done in the store during build, but the upstrea=
m opensmtpd requires to set the group of those executables.
>
> ---
>  gnu/services/mail.scm | 67 +++++++++++++++++++++++++++++++++++++++++--
>  1 file changed, 65 insertions(+), 2 deletions(-)

That sounds like a welcome improvement.

I applied the patch with a few changes:

  =E2=80=A2 Changed the option name from =E2=80=98set-gids?=E2=80=99 to =E2=
=80=98setgid-commands?=E2=80=99,
    which I think is slightly clearer.

  =E2=80=A2 Tweaked and moved its documentation to =E2=80=98doc/guix.texi=
=E2=80=99.

  =E2=80=A2 Adjusted the commit log as per our conventions (see
    <https://guix.gnu.org/manual/devel/en/html_node/Submitting-Patches.html=
>).

Thank you!

Ludo=E2=80=99.




From unknown Sat Jun 21 10:39:41 2025
Received: (at fakecontrol) by fakecontrolmessage;
To: internal_control@debbugs.gnu.org
From: Debbugs Internal Request <help-debbugs@gnu.org>
Subject: Internal Control
Message-Id: bug archived.
Date: Mon, 29 Aug 2022 11:24:07 +0000
User-Agent: Fakemail v42.6.9

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator