[PATCH] system: Add 'sg' and 'newgrp' to %SETUID-PROGRAMS.

DoneSubmitted by Brice Waegeneire.
Details
3 participants
  • Brice Waegeneire
  • 宋文武
  • Marius Bakke
Owner
unassigned
Severity
normal
B
B
Brice Waegeneire wrote on 15 Jun 18:23 +0200
(address . guix-patches@gnu.org)
20200615162328.25429-1-brice@waegenei.re
* gnu/system.scm (%setuid-programs): Add 'sg' and 'newgrp'.---
Without it 'newgrp' is unusable:
Toggle snippet (11 lines)$ whoamibricewge$ cat /etc/group | grep wiresharkwireshark:x:970:bricewge$ groupsusers libvirt adbusers plugdev kvm lp netdev audio video input dialout wheel$ newgrp wiresharksetgroups: Operation not permittedsetgid: Operation not permitted
I also added 'sg' since, in the shadow package, it's a symlink to 'newgrp'.
gnu/system.scm | 2 ++ 1 file changed, 2 insertions(+)
Toggle diff (16 lines)diff --git a/gnu/system.scm b/gnu/system.scmindex 06bbc9e9c8..3e3d1927c2 100644--- a/gnu/system.scm+++ b/gnu/system.scm@@ -932,7 +932,9 @@ use 'plain-file' instead~%") ;; Default set of setuid-root programs. (let ((shadow (@ (gnu packages admin) shadow))) (list (file-append shadow "/bin/passwd")+ (file-append shadow "/bin/sg") (file-append shadow "/bin/su")+ (file-append shadow "/bin/newgrp") (file-append shadow "/bin/newuidmap") (file-append shadow "/bin/newgidmap") (file-append inetutils "/bin/ping")-- 2.26.2
宋文武 wrote on 21 Jun 05:36 +0200
(name . Brice Waegeneire)(address . brice@waegenei.re)(address . 41875-done@debbugs.gnu.org)
87sgepcco5.fsf@member.fsf.org
Brice Waegeneire <brice@waegenei.re> writes:
Toggle quote (2 lines)> * gnu/system.scm (%setuid-programs): Add 'sg' and 'newgrp'.
Pushed, thank you!
Closed
M
M
Marius Bakke wrote on 22 Jun 23:14 +0200
87zh8uajl8.fsf@gnu.org
Brice Waegeneire <brice@waegenei.re> writes:
Toggle quote (2 lines)> * gnu/system.scm (%setuid-programs): Add 'sg' and 'newgrp'.
LGTM. Now I can remove this bit from my system config:
(setuid-programs (append (list #~(string-append #$shadow "/bin/newgrp")) %setuid-programs)))
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAl7xH1QACgkQoqBt8qM6VPp8aggAh8OAw3YRdJkeUgxlDCtZO0C7tov4vf1IuCg6avzbQBhl8exw2r0BITxQ4w3sHk1yXXpnXOHXpT44I60fuDONDCdOuzfAAT4urHCunMCdjEskk5G3+NSyim8ByuUPXtLhRCFOISgRALeR5D/+3kP/LFnrYfd7mldSoLmhpaurJ+vyG9MO98IvHtAsV81Hm29nYSx/ZOTV5JdNRpeeamCTFJQFRuPlDFEhOcMkIlwgTiVjlgAgUdaTlK3p7EF3yI6uKomp7p0uz5xaotMInPEcGtfflIbg+c918ZBJu9Od1yBmo19cPcP+vVFAbI0GG6BgL7SC9tz9RZ92PlqfMdWy3g===0LsM-----END PGP SIGNATURE-----
?