Hello Gabor! Gábor Boskovits <boskov...@gmail.com> writes:
> Hello guix, > > I would like to propose an extension to how setuid programs are > currently handled. The last time I checked it could only do setuid and > setgid root. Some services, such as postfix need a more fine grained > setuid setup. I would propose a record type, such as: > (setuid > (program setuid-program) > (setuid setuid-setuid) > (setgid setuid-setgid) > (user setuid-user) > (group setuid-group)) > > So that there is more fine grained control. > > I would also propose to move this to the services framework, so that > services could extend this field on demand. > > Wdyt? This sounds great! I also encountered such limitation and tried to fixing it in https://issues.guix.info/41763, with some success (and an unresolved limitation pointed by Chriistopher) but I agree that using a record makes more sense and is more future proof. Maxim
