GNU bug report logs - #56756
[PATCH] gnu: services: Add optional fix for opensmtpd executables group

Previous Next

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Maya <maya.omase <at> protonmail.com>
Subject: bug#56756: closed (Re: bug#56756: [PATCH] gnu: services: Add
 optional fix for opensmtpd executables group)
Date: Mon, 01 Aug 2022 09:52:02 +0000

[Message part 1 (text/plain, inline)]

Your bug report

#56756: [PATCH] gnu: services: Add optional fix for opensmtpd executables group

which was filed against the guix-patches package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 56756 <at> debbugs.gnu.org.

-- 
56756: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=56756
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]

From: Ludovic Courtès <ludo <at> gnu.org>
To: Maya <maya.omase <at> protonmail.com>
Cc: 56756-done <at> debbugs.gnu.org
Subject: Re: bug#56756: [PATCH] gnu: services: Add optional fix for
 opensmtpd executables group
Date: Mon, 01 Aug 2022 11:51:33 +0200

Hi Maya,

Maya <maya.omase <at> protonmail.com> skribis:

> This is a patch that fixes "<executable name>: this program must be setgid smtpq". As this cannot be done in the store during build, but the upstream opensmtpd requires to set the group of those executables.
>
> ---
>  gnu/services/mail.scm | 67 +++++++++++++++++++++++++++++++++++++++++--
>  1 file changed, 65 insertions(+), 2 deletions(-)

That sounds like a welcome improvement.

I applied the patch with a few changes:

  • Changed the option name from ‘set-gids?’ to ‘setgid-commands?’,
    which I think is slightly clearer.

  • Tweaked and moved its documentation to ‘doc/guix.texi’.

  • Adjusted the commit log as per our conventions (see
    <https://guix.gnu.org/manual/devel/en/html_node/Submitting-Patches.html>).

Thank you!

Ludo’.

[Message part 3 (message/rfc822, inline)]

From: Maya <maya.omase <at> protonmail.com>
To: "guix-patches <at> gnu.org" <guix-patches <at> gnu.org>
Subject: [PATCH] gnu: services: Add optional fix for opensmtpd executables
 group
Date: Mon, 25 Jul 2022 09:02:18 +0000

This is a patch that fixes "<executable name>: this program must be setgid smtpq". As this cannot be done in the store during build, but the upstream opensmtpd requires to set the group of those executables.

---
 gnu/services/mail.scm | 67 +++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 65 insertions(+), 2 deletions(-)

diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm
index 10e6523861..803cdd77f2 100644
--- a/gnu/services/mail.scm
+++ b/gnu/services/mail.scm
@@ -30,6 +30,7 @@ (define-module (gnu services mail)
   #:use-module (gnu services shepherd)
   #:use-module (gnu system pam)
   #:use-module (gnu system shadow)
+  #:use-module (gnu system setuid)
   #:use-module (gnu packages mail)
   #:use-module (gnu packages admin)
   #:use-module (gnu packages dav)
@@ -1653,7 +1654,30 @@ (define-record-type* <opensmtpd-configuration>
   (package     opensmtpd-configuration-package
                (default opensmtpd))
   (config-file opensmtpd-configuration-config-file
-               (default %default-opensmtpd-config-file)))
+               (default %default-opensmtpd-config-file))
+  (set-gids? opensmtpd-set-gids? (default #t)
+             "Set group of:
+@itemize
+@item
+@command{smtpctl}
+
+@item
+@command{sendmail}
+
+@item
+@command{send-mail}
+
+@item
+@command{makemap}
+
+@item
+@command{mailq}
+
+@item
+@command{newaliases}
+@end itemize
+
+to @code{smtpq}, to allow them to be executed."))

 (define %default-opensmtpd-config-file
   (plain-file "smtpd.conf" "
@@ -1714,6 +1738,43 @@ (define opensmtpd-activation
 (define %opensmtpd-pam-services
   (list (unix-pam-service "smtpd")))

+(define opensmtpd-set-gids
+  (match-lambda
+    (($ <opensmtpd-configuration> package config-file set-gids?)
+     (if set-gids?
+         (list
+          (setuid-program
+           (program (file-append package "/sbin/smtpctl"))
+           (setuid? #false)
+           (setgid? #true)
+           (group "smtpq"))
+          (setuid-program
+           (program (file-append package "/sbin/sendmail"))
+           (setuid? #false)
+           (setgid? #true)
+           (group "smtpq"))
+          (setuid-program
+           (program (file-append package "/sbin/send-mail"))
+           (setuid? #false)
+           (setgid? #true)
+           (group "smtpq"))
+          (setuid-program
+           (program (file-append package "/sbin/makemap"))
+           (setuid? #false)
+           (setgid? #true)
+           (group "smtpq"))
+          (setuid-program
+           (program (file-append package "/sbin/mailq"))
+           (setuid? #false)
+           (setgid? #true)
+           (group "smtpq"))
+          (setuid-program
+           (program (file-append package "/sbin/newaliases"))
+           (setuid? #false)
+           (setgid? #true)
+           (group "smtpq")))
+         '()))))
+
 (define opensmtpd-service-type
   (service-type
    (name 'opensmtpd)
@@ -1727,7 +1788,9 @@ (define opensmtpd-service-type
           (service-extension profile-service-type
                              (compose list opensmtpd-configuration-package))
           (service-extension shepherd-root-service-type
-                             opensmtpd-shepherd-service)))
+                             opensmtpd-shepherd-service)
+          (service-extension setuid-program-service-type
+                             opensmtpd-set-gids)))
    (description "Run the OpenSMTPD, a lightweight @acronym{SMTP, Simple Mail
 Transfer Protocol} server.")))

--
2.37.0

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.