On Tue, 14 Jul 2020 15:36:41 +0300 Efraim Flashner <efr...@flashner.co.il> wrote:
> On Tue, Jul 14, 2020 at 04:46:31PM +0430, Reza Alizadeh Majd wrote: > > > > I assume that I find the issue source: > > > > > > > > > > > > > >--8<---------------cut > > > > > >here---------------start------------->8--- > > > > > > > > > > > >(define %kyc-accounts > > > > > > (list (user-group (name "kyc-service")) > > > > > > (user-group (name "kyc-rpc")) > > > > > > (user-account > > > > > > (name "kyc-service") > > > > > > (group "kyc-service") > > > > > > (system? #f) > > > > > > (supplementary-groups '("wheel" "kyc-rpc" "video")) > > > > > > (comment "KYC service user")))) > > > > > > > > > > > >--8<---------------cut > > > > > >here---------------end--------------->8--- > > > > > > > > > > I modified the service definition to open an empty 'screen', so I > > can access shell through service, when I connect to the screen and > > check user groups, it seems that the 'supplementary-groups' didn't > > apply to the user: > > > > --8<---------------cut here---------------start------------->8--- > > sh-5.0$ whoami > > kyc-service > > sh-5.0$ groups > > kyc-service > > sh-5.0$ > > --8<---------------cut here---------------end--------------->8--- > > > > so, is there any thing that I missed? > > > > The only other thing I can think of right now is that you're creating > the kyc-service and kyc-rpc groups AND also using them for the first > time here. It could be that the kyc-service group is created with the > kyc-service user and the kyc-rpc group is 'too slow'. Try your code > again but without the kyc-rpc group. > I don't think, since the issue still persists after restarting the services, or even by rebooting the machine. I also checked the `/etc/group` and `kyc-service` user exists in all of the supplementary groups. but the `groups` command shows only the primary group. --8<---------------cut here---------------start------------->8--- sh-5.0$ cat /etc/group | grep "kyc" kyc-user:x:30002: kyc-rpc:x:30001:kyc-user,kyc-service kyc-service:x:980: wheel:x:999:kyc-user,kyc-service video:x:992:kyc-user,kyc-service --8<---------------cut here---------------end--------------->8--- is it possible that I missed to set any environment variable, so the permissions wouldn't be loaded correctly? -- Reza Alizadeh Majd PantherX Team https://www.pantherx.org/