Re: Setuid programs

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Setuid programs

From:	Maxim Cournoyer
Subject:	Re: Setuid programs
Date:	Fri, 28 Aug 2020 00:43:22 -0400
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)

Hello Gabor!

Gábor Boskovits <boskovits@gmail.com> writes:

> Hello guix,
>
> I would like to propose an extension to how setuid programs are
> currently handled. The last time I checked it could only do setuid and
> setgid root. Some services, such as postfix need a more fine grained
> setuid setup. I would propose a record type, such as:
> (setuid
> (program setuid-program)
> (setuid setuid-setuid)
> (setgid setuid-setgid)
> (user setuid-user)
> (group setuid-group))
>
> So that there is more fine grained control.
>
> I would also propose to move this to the services framework, so that
> services could extend this field on demand.
>
> Wdyt?

This sounds great!  I also encountered such limitation and tried to
fixing it in https://issues.guix.info/41763, with some success (and an
unresolved limitation pointed by Chriistopher) but I agree that using a
record makes more sense and is more future proof.

Maxim

[Prev in Thread]

Current Thread

[Next in Thread]

Setuid programs, Gábor Boskovits, 2020/08/27
- Re: Setuid programs, Maxim Cournoyer <=

Prev by Date: [PATCH] hydra: Use the new 'systems' field for build-machine definitions.
Next by Date: Re: [bug#42738] [PATCH v4] gnu: emacs: Update to 27.1.
Previous by thread: Setuid programs
Next by thread: [PATCH v4] gnu: emacs: Update to 27.1.
Index(es):
- Date
- Thread