authorEuAndreh <eu@euandre.org>2022-11-30 17:37:07 -0300
committerEuAndreh <eu@euandre.org>2022-11-30 17:37:07 -0300
commita7c558d85f44fe567cb458804da4eefa52efbcf2 (patch)
treebc69d41fb8c44ece82d660a8dd1a02ee3add551f /src/xyz/euandreh
parentqueue.scm: Remove references to other older packages (diff)
downloadpackage-repository-a7c558d85f44fe567cb458804da4eefa52efbcf2.tar.gz
package-repository-a7c558d85f44fe567cb458804da4eefa52efbcf2.tar.xz
queue.scm: Do not run saslauthd under root
Diffstat (limited to 'src/xyz/euandreh')
-rw-r--r--src/xyz/euandreh/queue.scm37
1 files changed, 30 insertions, 7 deletions
diff --git a/src/xyz/euandreh/queue.scm b/src/xyz/euandreh/queue.scm
index 5c76b8d..cca1354 100644
--- a/src/xyz/euandreh/queue.scm
+++ b/src/xyz/euandreh/queue.scm
@@ -329,7 +329,7 @@ collections.OrderedDict that works in Python 2.4-2.6.")
shadow-group-configuration
make-shadow-group-configuration
shadow-group-configuration?
- (group shadow-group-configuration-group (default "shadow")))
+ (group shadow-group-configuration-group (default "etc-shadow")))
(define (shadow-group-activation config)
(match-record config <shadow-group-configuration>
@@ -376,10 +376,13 @@ collections.OrderedDict that works in Python 2.4-2.6.")
cyrus-sasl-configuration
make-cyrus-sasl-configuration
cyrus-sasl-configuration?
- (cyrus-sasl cyrus-sasl-configuration-cyrus-sasl (default cyrus-sasl))
- (authmech cyrus-sasl-configuration-authmech (default "shadow"))
- (services cyrus-sasl-configuration-services (default '()))
- (state-dir cyrus-sasl-configuration-state-dir (default "/var/lib/saslauthd")))
+ (cyrus-sasl cyrus-sasl-configuration-cyrus-sasl (default cyrus-sasl))
+ (user cyrus-sasl-configuration-user (default "cyrus-sasl"))
+ (group cyrus-sasl-configuration-group (default "cyrus-sasl"))
+ (extra-groups cyrus-sasl-configuration-extra-groups (default '("etc-shadow")))
+ (authmech cyrus-sasl-configuration-authmech (default "shadow"))
+ (services cyrus-sasl-configuration-services (default '()))
+ (state-dir cyrus-sasl-configuration-state-dir (default "/var/lib/saslauthd")))
(define (cyrus-sasl-etc-files config)
(match-record config <cyrus-sasl-configuration>
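Review bot: The new `extra-groups` default hard-codes `"etc-shadow"`, duplicating the literal that the first hunk sets as the default of `shadow-group-configuration-group`, so overriding that group in one record silently leaves the other stale. It also puts the service account in the group that can read password hashes even when `authmech` is set to something other than `"shadow"`, which is more access than the daemon needs in that case. I would at least document the coupling on the field, e.g. `;; Must match the group of shadow-group-configuration; only needed when authmech is "shadow".` The record definition starts outside this hunk.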
@@ -408,9 +411,25 @@ collections.OrderedDict that works in Python 2.4-2.6.")
"Creating Cyrus SASL socket directory: \"~a\".~%" #$state-dir)
(mkdir-p #$state-dir))))
+(define (cyrus-sasl-accounts config)
+ (match-record config <cyrus-sasl-configuration>
+ (user group extra-groups)
+ (list
+ (user-account
+ (name user)
+ (group group)
+ (supplementary-groups extra-groups)
+ (comment "Cyrus SASL system user")
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin"))
+ (system? #t))
+ (user-group
+ (name group)
+ (system? #t)))))
+
(define (cyrus-sasl-shepherd-service config)
(match-record config <cyrus-sasl-configuration>
- (cyrus-sasl authmech state-dir)
+ (cyrus-sasl user group authmech state-dir)
(list
(shepherd-service
(provision '(cyrus-sasl))
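Review bot: The activation context at the top of this hunk only runs `(mkdir-p #$state-dir)`, which leaves the directory owned by root, while the daemon that has to create its socket and pid file there now runs as the unprivileged `user`. Unless ownership is set in the part of the activation that lies outside this hunk, I would bind `pw` to `(getpwnam #$user)` and follow the mkdir with `(chown #$state-dir (passwd:uid pw) (passwd:gid pw))` and `(chmod #$state-dir #o750)`, so that only the service account and its group can reach the socket. This assumes the account already exists when the snippet runs and that the clients of saslauthd are members of `group`; both should be confirmed.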
@@ -422,7 +441,9 @@ collections.OrderedDict that works in Python 2.4-2.6.")
#$authmech
"-d"
"-m"
- #$state-dir)))
+ #$state-dir)
+ #:user #$user
+ #:group #$group))
(stop #~(make-kill-destructor))))))
(define cyrus-sasl-service-type
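Review bot: The `make-forkexec-constructor` call gains `#:user` and `#:group` but no `#:supplementary-groups`, so the `etc-shadow` membership declared through `extra-groups` probably never reaches the running saslauthd. As far as I know, Shepherd sets the child's supplementary groups from that keyword (empty by default) rather than from the account database. With the default `authmech` of `"shadow"` the daemon would then be unable to read the shadow file and authentication would fail. I would add `extra-groups` to the `match-record` field list of `cyrus-sasl-shepherd-service` and pass `#:supplementary-groups '#$extra-groups` next to `#:group #$group`. The constructor call starts outside this hunk, and the keyword should be checked against the Shepherd version in use.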
@@ -436,6 +457,8 @@ collections.OrderedDict that works in Python 2.4-2.6.")
cyrus-sasl-activation)
(service-extension profile-service-type
(compose list cyrus-sasl-configuration-cyrus-sasl))
+ (service-extension account-service-type
+ cyrus-sasl-accounts)
(service-extension shepherd-root-service-type
cyrus-sasl-shepherd-service)))
(compose srfi-1:concatenate)