From: Felix Lechner
To: 57283@debbugs.gnu.org
Cc: semente <29299+vp99lgom@posteo.net>
Subject: opensmtpd: permission issue while trying to deliver messages to mboxes in /var/mail
Date: Thu, 22 Sep 2022 11:31:43 -0700
Message-ID: <87sfkjz2eo.fsf@lease-up.com>

Hi,

Based on friendly advice offered on IRC, I believe I more or less addressed the setgid issue with the system declaration below.

The issue I still have is that the adjusted gids appear to be effective only for users but not for the smtpd process itself. As a result, smtpd could not deliver an offline message that was created by a setup error. It resulted in this warning on startup:

    # smtpd -d -f smtpd.conf
    info: OpenSMTPD 6.8.0p2 starting
    sendmail: this program must be setgid smtpq
    warn: smtpd: couldn't enqueue offline message /var/spool/smtpd/offline/1663868496.XXXXt611BF; smtpctl exited abnormally

I tried that inside 'guix shell smtpd' and without. Then I deleted the queued message and resent it.

Alas, the reporting party may find this solution insufficient, as well. Perhaps the local mail delivery they hope to achieve is affected like the local retrieval that remains broken for me. (I use a relay.)

Either way, I hope this message is somewhat helpful.

Kind regards
Felix Lechner

* * *

    (use-modules (gnu packages mail)
                 (gnu system setuid))

    (operating-system
      ...
      ;; Each OpenSMTPD command is installed setgid to group smtpq,
      ;; with the setuid bit left off.
      (setuid-programs
       (append (list
                (setuid-program
                 (program (file-append opensmtpd "/sbin/smtpctl"))
                 (setuid? #false)
                 (setgid? #true)
                 (group "smtpq"))
                (setuid-program
                 (program (file-append opensmtpd "/sbin/sendmail"))
                 (setuid? #false)
                 (setgid? #true)
                 (group "smtpq"))
                (setuid-program
                 (program (file-append opensmtpd "/sbin/send-mail"))
                 (setuid? #false)
                 (setgid? #true)
                 (group "smtpq"))
                (setuid-program
                 (program (file-append opensmtpd "/sbin/makemap"))
                 (setuid? #false)
                 (setgid? #true)
                 (group "smtpq"))
                (setuid-program
                 (program (file-append opensmtpd "/sbin/mailq"))
                 (setuid? #false)
                 (setgid? #true)
                 (group "smtpq"))
                (setuid-program
                 (program (file-append opensmtpd "/sbin/newaliases"))
                 (setuid? #false)
                 (setgid? #true)
                 (group "smtpq")))
               %setuid-programs))
      (services
       (append (list
                ...
                (service opensmtpd-service-type
                         (opensmtpd-configuration
                          ;; The smtpd.conf contents are passed as a plain-file string.
                          (config-file
                           (plain-file "opensmtpd-configuration"
                                       " [YOUR SMTPD CONFIG TEXT GOES HERE] "))))))))