GNU bug report logs -
#73767
[PATCH] gnu: system: Privilege programs after creating accounts.
Previous Next
Reported by: Dariqq <dariqq <at> posteo.net>
Date: Sat, 12 Oct 2024 08:08:01 UTC
Severity: normal
Tags: patch
Done: Ludovic Courtès <ludo <at> gnu.org>
Bug is archived. No further changes may be made.
Full log
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Ensure that users and groups are already created when the privileging script
runs. The order these scripts appear in the folded activation-service depends
on the order these services are instantiated in the operating-system.
Fixes https://issues.guix.gnu.org/73680.
* gnu/system.scm (operating-system-default-essential-services): Move
privileged-program-service above account-service.
(hurd-default-essential-services): Likewise.
Change-Id: I662fb1eff42e4088496fccb76e0efbf2b1da096e
---
Hi,
I tested that this fixes my problem of setting something suid to a new user. For the hurd change i only looked at the final value of activation-service type in hurd-barebones-os and confirmed that
'#<gexp gnu/system/shadow.scm:430:4>' is before #<gexp gnu/services.scm:922:6> (which is the privileging script).
I would prefer a solution that also models this dependency to not depend on input order but this might be tricky.
gnu/system.scm | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/gnu/system.scm b/gnu/system.scm
index 44f93f91d1..c19730b331 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -809,6 +809,11 @@ (define (operating-system-default-essential-services os)
%shepherd-root-service
(pam-root-service (operating-system-pam-services os))
+ ;; Make sure that privileged-programs activation script
+ ;; runs after accounts are created
+ (service privileged-program-service-type
+ (append (operating-system-privileged-programs os)
+ (operating-system-setuid-programs os)))
(account-service (append (operating-system-accounts os)
(operating-system-groups os))
(operating-system-skeletons os))
@@ -826,9 +831,6 @@ (define (operating-system-default-essential-services os)
(operating-system-environment-variables os))
(service host-name-service-type host-name)
procs root-fs
- (service privileged-program-service-type
- (append (operating-system-privileged-programs os)
- (operating-system-setuid-programs os)))
(service profile-service-type
(operating-system-packages os))
boot-fs non-boot-fs
@@ -850,6 +852,11 @@ (define (hurd-default-essential-services os)
(service shepherd-root-service-type)
(service user-processes-service-type)
+ ;; Make sure that privileged-programs activation script
+ ;; runs after accounts are created
+ (service privileged-program-service-type
+ (append (operating-system-privileged-programs os)
+ (operating-system-setuid-programs os)))
(account-service (append (operating-system-accounts os)
(operating-system-groups os))
(operating-system-skeletons os))
@@ -866,9 +873,6 @@ (define (hurd-default-essential-services os)
(list `("hosts" ,hosts-file)))
(service hosts-service-type
(local-host-entries host-name)))
- (service privileged-program-service-type
- (append (operating-system-privileged-programs os)
- (operating-system-setuid-programs os)))
(service profile-service-type (operating-system-packages os)))))
(define* (operating-system-services os)
base-commit: b8fd792ea267cb920da0651074a533d8abf00488
--
2.46.0
This bug report was last modified 303 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.