GNU bug report logs -
#56756
[PATCH] gnu: services: Add optional fix for opensmtpd executables group
Previous Next
Reported by: Maya <maya.omase <at> protonmail.com>
Date: Mon, 25 Jul 2022 09:03:01 UTC
Severity: normal
Tags: patch
Done: Ludovic Courtès <ludo <at> gnu.org>
Bug is archived. No further changes may be made.
Full log
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
This is a patch that fixes "<executable name>: this program must be setgid smtpq". As this cannot be done in the store during build, but the upstream opensmtpd requires to set the group of those executables.
---
gnu/services/mail.scm | 67 +++++++++++++++++++++++++++++++++++++++++--
1 file changed, 65 insertions(+), 2 deletions(-)
diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm
index 10e6523861..803cdd77f2 100644
--- a/gnu/services/mail.scm
+++ b/gnu/services/mail.scm
@@ -30,6 +30,7 @@ (define-module (gnu services mail)
#:use-module (gnu services shepherd)
#:use-module (gnu system pam)
#:use-module (gnu system shadow)
+ #:use-module (gnu system setuid)
#:use-module (gnu packages mail)
#:use-module (gnu packages admin)
#:use-module (gnu packages dav)
@@ -1653,7 +1654,30 @@ (define-record-type* <opensmtpd-configuration>
(package opensmtpd-configuration-package
(default opensmtpd))
(config-file opensmtpd-configuration-config-file
- (default %default-opensmtpd-config-file)))
+ (default %default-opensmtpd-config-file))
+ (set-gids? opensmtpd-set-gids? (default #t)
+ "Set group of:
+@itemize
+@item
+@command{smtpctl}
+
+@item
+@command{sendmail}
+
+@item
+@command{send-mail}
+
+@item
+@command{makemap}
+
+@item
+@command{mailq}
+
+@item
+@command{newaliases}
+@end itemize
+
+to @code{smtpq}, to allow them to be executed."))
(define %default-opensmtpd-config-file
(plain-file "smtpd.conf" "
@@ -1714,6 +1738,43 @@ (define opensmtpd-activation
(define %opensmtpd-pam-services
(list (unix-pam-service "smtpd")))
+(define opensmtpd-set-gids
+ (match-lambda
+ (($ <opensmtpd-configuration> package config-file set-gids?)
+ (if set-gids?
+ (list
+ (setuid-program
+ (program (file-append package "/sbin/smtpctl"))
+ (setuid? #false)
+ (setgid? #true)
+ (group "smtpq"))
+ (setuid-program
+ (program (file-append package "/sbin/sendmail"))
+ (setuid? #false)
+ (setgid? #true)
+ (group "smtpq"))
+ (setuid-program
+ (program (file-append package "/sbin/send-mail"))
+ (setuid? #false)
+ (setgid? #true)
+ (group "smtpq"))
+ (setuid-program
+ (program (file-append package "/sbin/makemap"))
+ (setuid? #false)
+ (setgid? #true)
+ (group "smtpq"))
+ (setuid-program
+ (program (file-append package "/sbin/mailq"))
+ (setuid? #false)
+ (setgid? #true)
+ (group "smtpq"))
+ (setuid-program
+ (program (file-append package "/sbin/newaliases"))
+ (setuid? #false)
+ (setgid? #true)
+ (group "smtpq")))
+ '()))))
+
(define opensmtpd-service-type
(service-type
(name 'opensmtpd)
@@ -1727,7 +1788,9 @@ (define opensmtpd-service-type
(service-extension profile-service-type
(compose list opensmtpd-configuration-package))
(service-extension shepherd-root-service-type
- opensmtpd-shepherd-service)))
+ opensmtpd-shepherd-service)
+ (service-extension setuid-program-service-type
+ opensmtpd-set-gids)))
(description "Run the OpenSMTPD, a lightweight @acronym{SMTP, Simple Mail
Transfer Protocol} server.")))
--
2.37.0
This bug report was last modified 2 years and 297 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.