[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Setuid programs
From: |
Maxim Cournoyer |
Subject: |
Re: Setuid programs |
Date: |
Fri, 28 Aug 2020 00:43:22 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) |
Hello Gabor!
Gábor Boskovits <boskovits@gmail.com> writes:
> Hello guix,
>
> I would like to propose an extension to how setuid programs are
> currently handled. The last time I checked it could only do setuid and
> setgid root. Some services, such as postfix need a more fine grained
> setuid setup. I would propose a record type, such as:
> (setuid
> (program setuid-program)
> (setuid setuid-setuid)
> (setgid setuid-setgid)
> (user setuid-user)
> (group setuid-group))
>
> So that there is more fine grained control.
>
> I would also propose to move this to the services framework, so that
> services could extend this field on demand.
>
> Wdyt?
This sounds great! I also encountered such limitation and tried to
fixing it in https://issues.guix.info/41763, with some success (and an
unresolved limitation pointed by Chriistopher) but I agree that using a
record makes more sense and is more future proof.
Maxim
- Setuid programs, Gábor Boskovits, 2020/08/27
- Re: Setuid programs,
Maxim Cournoyer <=