[PATCH] system: Add 'sg' and 'newgrp' to %SETUID-PROGRAMS.

  • Done
Details
3 participants
  • Brice Waegeneire
  • ???
  • Marius Bakke
Owner
unassigned
Submitted by
Brice Waegeneire
Severity
normal
Brice Waegeneire wrote on 15 Jun 2020 18:23
(address . guix-patches@gnu.org)
20200615162328.25429-1-brice@waegenei.re
* gnu/system.scm (%setuid-programs): Add 'sg' and 'newgrp'.
---

Without it 'newgrp' is unusable:

$ whoami
bricewge
$ cat /etc/group | grep wireshark
wireshark:x:970:bricewge
$ groups
users libvirt adbusers plugdev kvm lp netdev audio video input dialout wheel
$ newgrp wireshark
setgroups: Operation not permitted
setgid: Operation not permitted

I also added 'sg' since, in the shadow package, it's a symlink to 'newgrp'.

gnu/system.scm | 2 ++
1 file changed, 2 insertions(+)

diff --git a/gnu/system.scm b/gnu/system.scm
index 06bbc9e9c8..3e3d1927c2 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -932,7 +932,9 @@ use 'plain-file' instead~%")
;; Default set of setuid-root programs.
(let ((shadow (@ (gnu packages admin) shadow)))
(list (file-append shadow "/bin/passwd")
+ (file-append shadow "/bin/sg")
(file-append shadow "/bin/su")
+ (file-append shadow "/bin/newgrp")
(file-append shadow "/bin/newuidmap")
(file-append shadow "/bin/newgidmap")
(file-append inetutils "/bin/ping")
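Review bot: the two added entries, (file-append shadow "/bin/sg") and (file-append shadow "/bin/newgrp"), sit on either side of the "/bin/su" line and carry no comment saying why they need to be setuid root. Since the submission notes that 'sg' is a symlink to 'newgrp' in the shadow package, keep the pair adjacent and add a short comment above them recording that newgrp fails with "setgroups: Operation not permitted" and "setgid: Operation not permitted" without the setuid bit. This list is the default set of setuid-root programs, so each new entry should carry its justification in the code; the explanation currently sits below the "---" of the mail and will not reach the commit log.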
--
2.26.2
?
(name . Brice Waegeneire)(address . brice@waegenei.re)(address . 41875-done@debbugs.gnu.org)
87sgepcco5.fsf@member.fsf.org
Brice Waegeneire <brice@waegenei.re> writes:

> * gnu/system.scm (%setuid-programs): Add 'sg' and 'newgrp'.

Pushed, thank you!
Closed
Marius Bakke wrote on 22 Jun 2020 23:14
87zh8uajl8.fsf@gnu.org
Brice Waegeneire <brice@waegenei.re> writes:

> * gnu/system.scm (%setuid-programs): Add 'sg' and 'newgrp'.

LGTM. Now I can remove this bit from my system config:

(setuid-programs (append (list #~(string-append #$shadow "/bin/newgrp"))
%setuid-programs)))