author | Ricardo Wurmus <rekado@elephly.net> | 2023-09-07 21:31:20 +0200 |
---|---|---|
committer | Ricardo Wurmus <rekado@elephly.net> | 2023-09-07 21:31:20 +0200 |
commit | 16d3fc8365f217091d5e1adfff7263d5c666c6d3 (patch) | |
tree | 9e51d49e1a6bd7a1223916ad7da7e51651fab3e5 | |
parent | b2b364298ce95936b7ec90d572a4a0f310f784de (diff) |
services: postfix: Extend setuid-program-service-type.
* gnu/services/mail.scm (postfix-service-type): Set gid of postfix
executables.
-rw-r--r-- | gnu/services/mail.scm | 39 |
1 files changed, 35 insertions, 4 deletions
diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm index 93987ebd69..0e6103c8d1 100644 --- a/gnu/services/mail.scm +++ b/gnu/services/mail.scm @@ -94,6 +94,7 @@ postfix-configuration-data-directory postfix-configuration-user postfix-configuration-group + postfix-configuration-setgid-commands? postfix-service-type)) @@ -2025,6 +2026,7 @@ hosts = localhost:5232")) (default "/var/lib/postfix")) (meta-directory postfix-configuration-meta-directory (default #f)) + (setgid-commands? postfix-configuration-setgid-commands? (default #t)) (user postfix-configuration-user (default "postfix")) (group postfix-configuration-group 
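Review bot: The new `setgid-commands?` field in the second hunk defaults to `#t` but has no comment saying which binaries it affects or which group they receive, so an administrator reading the record cannot tell what privilege the default grants. A one-line comment above the field would cover it, for example `;; When true, mailq, sendmail, postqueue and postdrop are installed setgid to GROUP.` The record definition starts and ends outside this hunk, and the commit touches only `mail.scm`, so any manual entry for the field would still need to be added separately.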
@@ -2135,12 +2137,41 @@ inet_protocols = ipv4 (start (postfix-action "start")) (stop (postfix-action "stop"))))))) +(define (postfix-set-gids config) + (match-record config <postfix-configuration> + (postfix setgid-commands? group) + (if setgid-commands? + (list + (setuid-program + (program (file-append postfix "/bin/mailq")) + (setuid? #false) + (setgid? #true) + (group group)) + (setuid-program + (program (file-append postfix "/bin/sendmail")) + (setuid? #false) + (setgid? #true) + (group group)) + (setuid-program + (program (file-append postfix "/sbin/postqueue")) + (setuid? #false) + (setgid? #true) + (group group)) + (setuid-program + (program (file-append postfix "/sbin/postdrop")) + (setuid? #false) + (setgid? #true) + (group group))) + '()))) + (define postfix-service-type (service-type (name 'postfix) - (extensions (list (service-extension account-service-type postfix-accounts) - (service-extension activation-service-type postfix-activation) - (service-extension shepherd-root-service-type postfix-shepherd-service) - (service-extension mail-aliases-service-type (const '())))) + (extensions + (list (service-extension account-service-type postfix-accounts) + (service-extension activation-service-type postfix-activation) + (service-extension shepherd-root-service-type postfix-shepherd-service) + (service-extension mail-aliases-service-type (const '())) + (service-extension setuid-program-service-type postfix-set-gids))) (description "Run the Postfix MTA.") (default-value (postfix-configuration)))) |
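Review bot: `postfix-set-gids` gives the setgid bit to `/bin/sendmail` and `/bin/mailq` as well as `/sbin/postqueue` and `/sbin/postdrop`, whereas a stock Postfix installation makes only `postqueue` and `postdrop` set-gid and leaves `sendmail` unprivileged. If Guix's handling of setuid programs makes the two extra entries necessary, a comment above them should say why; otherwise dropping them keeps the privileged surface smaller. The `(group group)` value comes from the configuration's general `group` field, while Postfix expects its set-gid commands to use a dedicated group (`setgid_group`, `postdrop` by default) that no account belongs to, not even the postfix user. The account definitions are outside this hunk, so this is worth confirming: if `group` is also the daemon account's group, a separate field for the set-gid group would preserve that separation.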