set permission/ownership for files generated by service
From: Reza Alizadeh Majd
Subject: set permission/ownership for files generated by service
Date: Tue, 14 Jul 2020 04:48:09 +0430

Hi Guix,

I'm working on a custom service for an application. This application
uses a Unix socket for communication, and for security purposes I change
the owner group of this socket file so that only applications run by
members of this specific group can access it.

Running the application manually, everything is OK and the socket file is
created with the desired permissions, but when I try to run this
application as a service, I receive a permission error during ownership
modification.

My service definition is as follows:

--8<---------------cut here---------------start------------->8---
;; Modules this fragment relies on.  The module that provides the `kyc'
;; package is the poster's own and is not shown.
(use-modules (gnu services)
             (gnu services shepherd)
             (gnu system shadow)
             (gnu packages base)          ;coreutils
             (guix gexp)
             (guix records)
             (ice-9 match))

;; Configuration record: the package to run and the account it runs as.
(define-record-type* <kyc-configuration>
  kyc-configuration make-kyc-configuration
  kyc-configuration?
  (package kyc-configuration-package
           (default kyc))
  (user    kyc-configuration-user
           (default "kyc-service"))
  (group   kyc-configuration-group
           (default "kyc-service")))

;; Groups and the service account; "kyc-rpc" is a supplementary group
;; of the account.
(define %kyc-accounts
  (list (user-group (name "kyc-service"))
        (user-group (name "kyc-rpc"))
        (user-account
         (name "kyc-service")
         (group "kyc-service")
         (system? #f)
         (supplementary-groups '("wheel" "kyc-rpc" "video"))
         (comment "KYC service user"))))

(define kyc-shepherd-service
  (match-lambda
    (($ <kyc-configuration> package user group)
     (list (shepherd-service
            (provision '(kyc))
            (documentation "Run KYC as a daemon.")
            (requirement '(networking user-processes))
            (modules `((srfi srfi-1)
                       (srfi srfi-26)
                       ,@%default-modules))
            ;; Start the daemon as USER with primary group GROUP.
            (start #~(make-forkexec-constructor
                      (list
                       (string-append #$package "/bin/kyc"))
                      #:user #$user
                      #:group #$group
                      #:environment-variables
                      (list (string-append "PATH=" #$coreutils "/bin:"
                                           (getenv "PATH"))
                            (string-append "HOME=" "/home/" #$user))))
            (stop #~(make-kill-destructor)))))))

;; Service type: extends shepherd with the service above and the
;; account service with the accounts and groups it needs.
(define kyc-service-type
  (service-type
   (name 'kyc)
   (extensions (list (service-extension shepherd-root-service-type
                                        kyc-shepherd-service)
                     (service-extension account-service-type
                                        (const
                                         %kyc-accounts))))
   (default-value (kyc-configuration))))
--8<---------------cut here---------------end--------------->8---

Is there anything that I missed in this service definition?

--
Reza Alizadeh Majd
PantherX Team
https://www.pantherx.org/
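
A diagnostic for the situation described in the message above, added here and not part of the original post or of Guix: a process without privilege may change a file's group only to its effective GID or to one of its supplementary groups, so this code checks the credentials the process actually runs with before restricting the socket to a group. The socket name `kyc.sock`, the function names and the numeric IDs used with them are assumptions made for the example.

```python
import os
import socket
import stat
import tempfile


def can_chgrp(target_gid, euid, egid, groups):
    """chown(2) rule for a file the caller owns: root (approximating
    CAP_CHOWN) may pick any group; anyone else only the effective GID
    or one of the supplementary groups of the *running process*."""
    return euid == 0 or target_gid == egid or target_gid in groups


def make_group_socket(path, target_gid):
    """Bind a Unix socket that only its owner and target_gid can use."""
    egid, groups = os.getegid(), os.getgroups()
    if not can_chgrp(target_gid, os.geteuid(), egid, groups):
        # Fail with the credentials in the message instead of a bare EPERM.
        raise PermissionError(
            f"cannot give {path} to gid {target_gid}: process has "
            f"egid={egid}, supplementary groups={sorted(groups)}")
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old_umask = os.umask(0o177)  # created 0600: never wider than intended
    try:
        sock.bind(path)
    finally:
        os.umask(old_umask)
    os.chown(path, -1, target_gid)  # change the group, keep the owner
    os.chmod(path, 0o660)           # owner and group read/write, no others
    sock.listen(1)
    return sock


def demo():
    """Create a socket owned by the process's own effective group
    (always permitted) and report the resulting mode and group match."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "kyc.sock")  # hypothetical socket name
        sock = make_group_socket(path, os.getegid())
        st = os.stat(path)
        sock.close()
        return stat.S_IMODE(st.st_mode), st.st_gid == os.getegid()


if __name__ == "__main__":
    print(demo())
```

Comparing the reported groups when the program is started by hand and when it is started by the service manager shows whether both contexts carry the same group set.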