guix-devel

Re: Setuid programs


From: Christopher Lemmer Webber
Subject: Re: Setuid programs
Date: Wed, 09 Sep 2020 15:00:12 -0400
User-agent: mu4e 1.4.12; emacs 26.3

Maxim Cournoyer writes:

> Hello Gabor!
>
> Gábor Boskovits <boskovits@gmail.com> writes:
>
>> Hello guix,
>>
>> I would like to propose an extension to how setuid programs are
>> currently handled. The last time I checked it could only do setuid and
>> setgid root. Some services, such as postfix, need a more fine-grained
>> setuid setup. I would propose a record type, such as:
>> (setuid
>> (program setuid-program)
>> (setuid setuid-setuid)
>> (setgid setuid-setgid)
>> (user setuid-user)
>> (group setuid-group))
>>
>> So that there is more fine grained control.
>>
>> I would also propose to move this to the services framework, so that
>> services could extend this field on demand.
>>
>> Wdyt?
>
> This sounds great!  I also encountered such a limitation and tried
> fixing it in https://issues.guix.info/41763, with some success (and an
> unresolved limitation pointed out by Christopher) but I agree that using a
> record makes more sense and is more future proof.
>
> Maxim

I'm eager to use Postfix on Guix (maybe it's me, but I just can't make
sense of the weird DSL that opensmtpd uses) so I guess if that's what's
necessary it already makes it a good idea.

However I don't fully understand the syntax of what you proposed.  Let's
see if I can guess with a fake entry:

#~(setuid
   ;; The program to run, from the shady package
   (program (string-append #$shady "/bin/scaryfoo"))
   ;; Would this be a boolean?  If so should it be `setuid?`
   (setuid setuid-setuid)
   ;; Likewise?
   (setgid setuid-setgid)
   ;; Presumably the user we want to set this to
   (user setuid-user)
   ;; Presumably the group we want to set this to
   (group setuid-group))

... right?

I guess this could be done in a backwards compatible way;
%setuid-programs could either evaluate to strings or records, so the
"simpler" version can remain an option?

 - Chris
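As an added example (not code from the thread or from Guix itself), here is a Guile sketch of the record Gábor proposed together with the backwards-compatible treatment Chris asks about: a plain string in %setuid-programs keeps today's meaning (setuid and setgid root), while a record carries per-program owner, group and bits. The record name, accessors and store paths are assumptions made up for the illustration.

```scheme
(use-modules (srfi srfi-9) (ice-9 match))

;; Hypothetical record; field names follow the proposal in the thread.
(define-record-type <setuid-program>
  (make-setuid-program program setuid? setgid? user group)
  setuid-program?
  (program setuid-program-program)   ; absolute path of the wrapped binary
  (setuid? setuid-program-setuid?)   ; set the S_ISUID bit?
  (setgid? setuid-program-setgid?)   ; set the S_ISGID bit?
  (user setuid-program-user)         ; owner the installed copy gets
  (group setuid-program-group))      ; group the installed copy gets

;; Backwards compatibility: a bare string keeps the current behaviour,
;; i.e. setuid and setgid root; a record is taken as-is.
(define (normalize-setuid-entry entry)
  (match entry
    ((? string? path)
     (make-setuid-program path #t #t "root" "root"))
    ((? setuid-program? record) record)
    (_ (error "invalid setuid program entry" entry))))

;; Mode to install the copy with: read/execute for everyone plus only
;; the special bits that were asked for (#o4000 setuid, #o2000 setgid).
;; A service that needs only setgid thus never gets a setuid-root binary.
(define (setuid-program-mode prog)
  (logior #o555
          (if (setuid-program-setuid? prog) #o4000 0)
          (if (setuid-program-setgid? prog) #o2000 0)))

;; Constructed entries with placeholder store paths: the old string form
;; next to a record that only needs setgid to a dedicated group.
(define example-setuid-programs
  (map normalize-setuid-entry
       (list "/gnu/store/PLACEHOLDER-shadow/bin/passwd"
             (make-setuid-program "/gnu/store/PLACEHOLDER-postfix/sbin/postdrop"
                                  #f #t "root" "postdrop"))))

(for-each (lambda (p)
            (format #t "~a owner=~a:~a mode=~o~%"
                    (setuid-program-program p)
                    (setuid-program-user p)
                    (setuid-program-group p)
                    (setuid-program-mode p)))
          example-setuid-programs)
```

Run with `guile` to see one line per entry; the string entry comes out as root:root mode 6555 and the record as root:postdrop mode 2555.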
