GNU bug report logs - #73680
privileged-programs: cant set setuid/setgid to new accounts/groups

Package: guix;

Reported by: Dariqq <dariqq <at> posteo.net>

Date: Mon, 7 Oct 2024 14:56:02 UTC

Severity: normal

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.


From: Dariqq <dariqq <at> posteo.net>
To: 73680 <at> debbugs.gnu.org
Subject: bug#73680: Acknowledgement (privileged-programs: cant set setuid/setgid to new accounts/groups)
Date: Mon,  7 Oct 2024 20:31:09 +0000
I have also seen the message when reconfiguring a running system

failed to privilege <binary>: Success

This error seems to come from Guile's getgrnam: (used by 
activate-privileged-programs to get the gid of a group)

scheme@(guile-user)> (getgrnam "does-not-exist")

ice-9/boot-9.scm:1685:16: In procedure raise-exception:
In procedure getgr: Success

Looking at man 3 getgrnam both a 0 or ENOENT return indicate that the 
gid was not found. Is /etc/groups being recreated on every boot and 
therefore not yet existing upon boot -> ENOENT? When /etc/groups already 
exists it returns 0 when not found (which guile interprets as success) ?

I don't know why the getgrnam error is being caught by the (catch 
'system-error  ... ) and the equally invalid getpwnam is not, which led 
me to an unbootable configuration (reconfigure completing because the 
user already existed but not yet when run at boot).


I was looking at the extension-graph and the connection between 
privileged-programs and accounts is not being modeled. Not sure how this 
should work, because privileged-programs has less information about an 
account than account-service.

Still no idea why opensmtpd setgid is working on my system but when I run 
my config through guix system container it does not.
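
Added example, not part of the original message and not code from Guix or Guile: a C sketch of a getgrnam(3) lookup that keeps "group not found" apart from a real lookup failure, so a missing group is never reported as "Success". The names lookup_gid, classify_null and enum lookup_status are hypothetical; the errno values treated as "not found" beyond 0 and ENOENT are the ones listed in the Linux getgrnam(3) man page.

```c
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Outcome of a group lookup: present, absent, or a genuine failure. */
enum lookup_status { LOOKUP_FOUND, LOOKUP_NOT_FOUND, LOOKUP_ERROR };

/* Classify the errno left behind by a NULL return from getgrnam(3).
   0, ENOENT, ESRCH, EBADF and EPERM all mean "no such group". */
static enum lookup_status classify_null(int err)
{
    switch (err) {
    case 0: case ENOENT: case ESRCH: case EBADF: case EPERM:
        return LOOKUP_NOT_FOUND;
    default:
        return LOOKUP_ERROR;            /* e.g. EIO, EMFILE, ENOMEM */
    }
}

/* Hypothetical helper: resolve NAME to a gid, recording errno for the caller. */
enum lookup_status lookup_gid(const char *name, gid_t *gid, int *saved_errno)
{
    errno = 0;                          /* getgrnam may leave errno untouched */
    struct group *gr = getgrnam(name);
    *saved_errno = errno;
    if (gr != NULL) {
        *gid = gr->gr_gid;
        return LOOKUP_FOUND;
    }
    return classify_null(*saved_errno);
}

int main(void)
{
    const char *name = "does-not-exist";  /* same name as in the REPL session */
    gid_t gid = 0;
    int err = 0;
    switch (lookup_gid(name, &gid, &err)) {
    case LOOKUP_FOUND:
        printf("%s: gid %d\n", name, (int)gid); break;
    case LOOKUP_NOT_FOUND:
        printf("%s: no such group (errno %d)\n", name, err); break;
    case LOOKUP_ERROR:
        printf("%s: lookup failed: %s\n", name, strerror(err)); break;
    }
    return 0;
}
```

A caller that sets a setgid bit should refuse to proceed on both LOOKUP_NOT_FOUND and LOOKUP_ERROR, and log which of the two occurred.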




This bug report was last modified 212 days ago.
