author | EuAndreh <eu@euandre.org> | 2022-11-30 17:37:07 -0300 |
---|---|---|
committer | EuAndreh <eu@euandre.org> | 2022-11-30 17:37:07 -0300 |
commit | a7c558d85f44fe567cb458804da4eefa52efbcf2 (patch) | |
tree | bc69d41fb8c44ece82d660a8dd1a02ee3add551f /src/xyz/euandreh/queue.scm | |
parent | queue.scm: Remove references to other older packages (diff) | |
queue.scm: Do not run saslauthd under root
Diffstat (limited to 'src/xyz/euandreh/queue.scm')
-rw-r--r-- | src/xyz/euandreh/queue.scm | 37 |
1 files changed, 30 insertions, 7 deletions
diff --git a/src/xyz/euandreh/queue.scm b/src/xyz/euandreh/queue.scm index 5c76b8d..cca1354 100644 --- a/src/xyz/euandreh/queue.scm +++ b/src/xyz/euandreh/queue.scm @@ -329,7 +329,7 @@ collections.OrderedDict that works in Python 2.4-2.6.") shadow-group-configuration make-shadow-group-configuration shadow-group-configuration? - (group shadow-group-configuration-group (default "shadow"))) + (group shadow-group-configuration-group (default "etc-shadow"))) (define (shadow-group-activation config) (match-record config <shadow-group-configuration> @@ -376,10 +376,13 @@ collections.OrderedDict that works in Python 2.4-2.6.") cyrus-sasl-configuration make-cyrus-sasl-configuration cyrus-sasl-configuration? - (cyrus-sasl cyrus-sasl-configuration-cyrus-sasl (default cyrus-sasl)) - (authmech cyrus-sasl-configuration-authmech (default "shadow")) - (services cyrus-sasl-configuration-services (default '())) - (state-dir cyrus-sasl-configuration-state-dir (default "/var/lib/saslauthd"))) + (cyrus-sasl cyrus-sasl-configuration-cyrus-sasl (default cyrus-sasl)) + (user cyrus-sasl-configuration-user (default "cyrus-sasl")) + (group cyrus-sasl-configuration-group (default "cyrus-sasl")) + (extra-groups cyrus-sasl-configuration-extra-groups (default '("etc-shadow"))) + (authmech cyrus-sasl-configuration-authmech (default "shadow")) + (services cyrus-sasl-configuration-services (default '())) + (state-dir cyrus-sasl-configuration-state-dir (default "/var/lib/saslauthd"))) (define (cyrus-sasl-etc-files config) (match-record config <cyrus-sasl-configuration> 
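Review bot: The new `extra-groups` field in the `cyrus-sasl-configuration` record defaults to `'("etc-shadow")` regardless of `authmech`, so a configuration that switches saslauthd to a mechanism that never reads /etc/shadow still leaves the daemon account in the group that can read the password hashes. The literal also has to stay in step with the `shadow-group-configuration` default changed in the first hunk, and nothing visible here ties the two strings together. I would document that on the field, e.g. `;; Must name the group that owns /etc/shadow; set to '() when authmech is not "shadow".`, or derive the default from `authmech`. The record definition starts above the hunk.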
@@ -408,9 +411,25 @@ collections.OrderedDict that works in Python 2.4-2.6.") "Creating Cyrus SASL socket directory: \"~a\".~%" #$state-dir) (mkdir-p #$state-dir)))) +(define (cyrus-sasl-accounts config) + (match-record config <cyrus-sasl-configuration> + (user group extra-groups) + (list + (user-account + (name user) + (group group) + (supplementary-groups extra-groups) + (comment "Cyrus SASL system user") + (home-directory "/var/empty") + (shell (file-append shadow "/sbin/nologin")) + (system? #t)) + (user-group + (name group) + (system? #t))))) + (define (cyrus-sasl-shepherd-service config) (match-record config <cyrus-sasl-configuration> - (cyrus-sasl authmech state-dir) + (cyrus-sasl user group authmech state-dir) (list (shepherd-service (provision '(cyrus-sasl)) @@ -422,7 +441,9 @@ collections.OrderedDict that works in Python 2.4-2.6.") #$authmech "-d" "-m" - #$state-dir))) + #$state-dir) + #:user #$user + #:group #$group)) (stop #~(make-kill-destructor)))))) (define cyrus-sasl-service-type @@ -436,6 +457,8 @@ collections.OrderedDict that works in Python 2.4-2.6.") cyrus-sasl-activation) (service-extension profile-service-type (compose list cyrus-sasl-configuration-cyrus-sasl)) + (service-extension account-service-type + cyrus-sasl-accounts) (service-extension shepherd-root-service-type cyrus-sasl-shepherd-service))) (compose srfi-1:concatenate) |
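Review bot: The activation visible in the context lines of the `@@ -408,9 +411,25 @@` hunk only runs `(mkdir-p #$state-dir)`, which presumably leaves the directory owned by root, while saslauthd will now run as the new `cyrus-sasl` account and has to create its socket under the `-m` path. Unless the part of the activation outside this hunk already sets ownership, add it next to the mkdir, e.g. `(let ((pw (getpwnam #$user))) (chown #$state-dir (passwd:uid pw) (passwd:gid pw)))`, with `user` added to that procedure's `match-record` fields. It is also worth setting an explicit mode on the directory, since it decides which local accounts can reach the authentication socket. The activation procedure starts above the hunk, so this is inferred from the three context lines only.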
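Review bot: In the `@@ -422,7 +441,9 @@` hunk the constructor receives `#:user` and `#:group` but not the supplementary groups, so the `extra-groups` membership declared on the account is probably not in effect for the running daemon. As far as I know, Shepherd's `exec-command` resets the supplementary group list to its `#:supplementary-groups` argument, which defaults to empty. With the default `authmech` of "shadow" that would leave saslauthd unable to read /etc/shadow, and every authentication would fail. Consider changing the field list in the previous hunk to `(cyrus-sasl user group extra-groups authmech state-dir)` and passing `#:supplementary-groups '#$extra-groups` after `#:group #$group`, on a Shepherd version that accepts that keyword. The `shepherd-service` form starts above this hunk.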