GNU bug report logs - #41875
[PATCH] system: Add 'sg' and 'newgrp' to %SETUID-PROGRAMS.

Previous Next

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 41875 in the body.
You can then email your comments to 41875 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Brice Waegeneire <brice <at> waegenei.re>
To: guix-patches <at> gnu.org
Subject: [PATCH] system: Add 'sg' and 'newgrp' to %SETUID-PROGRAMS.
Date: Mon, 15 Jun 2020 18:23:28 +0200

* gnu/system.scm (%setuid-programs): Add 'sg' and 'newgrp'.
---

Without it 'newgrp' is unusable:

--8<---------------cut here---------------start------------->8---
$ whoami
bricewge
$ cat /etc/group | grep wireshark
wireshark:x:970:bricewge
$ groups
users libvirt adbusers plugdev kvm lp netdev audio video input dialout wheel
$ newgrp wireshark
setgroups: Operation not permitted
setgid: Operation not permitted
--8<---------------cut here---------------end--------------->8---

I also added 'sg' since, in the shadow package, it's a symlink to 'newgrp'.

 gnu/system.scm | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/gnu/system.scm b/gnu/system.scm
index 06bbc9e9c8..3e3d1927c2 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -932,7 +932,9 @@ use 'plain-file' instead~%")
   ;; Default set of setuid-root programs.
   (let ((shadow (@ (gnu packages admin) shadow)))
     (list (file-append shadow "/bin/passwd")
+          (file-append shadow "/bin/sg")
           (file-append shadow "/bin/su")
+          (file-append shadow "/bin/newgrp")
           (file-append shadow "/bin/newuidmap")
           (file-append shadow "/bin/newgidmap")
           (file-append inetutils "/bin/ping")
-- 
2.26.2

Message #10 received at 41875-done <at> debbugs.gnu.org (full text, mbox):

From: iyzsong <at> member.fsf.org (宋文武)
To: Brice Waegeneire <brice <at> waegenei.re>
Cc: 41875-done <at> debbugs.gnu.org
Subject: Re: [bug#41875] [PATCH] system: Add 'sg' and 'newgrp' to
 %SETUID-PROGRAMS.
Date: Sun, 21 Jun 2020 11:36:58 +0800

Brice Waegeneire <brice <at> waegenei.re> writes:

> * gnu/system.scm (%setuid-programs): Add 'sg' and 'newgrp'.

Pushed, thank you!

Message #13 received at 41875 <at> debbugs.gnu.org (full text, mbox):

From: Marius Bakke <marius <at> gnu.org>
To: Brice Waegeneire <brice <at> waegenei.re>, 41875 <at> debbugs.gnu.org
Subject: Re: [bug#41875] [PATCH] system: Add 'sg' and 'newgrp' to
 %SETUID-PROGRAMS.
Date: Mon, 22 Jun 2020 23:14:59 +0200

[Message part 1 (text/plain, inline)]

Brice Waegeneire <brice <at> waegenei.re> writes:

> * gnu/system.scm (%setuid-programs): Add 'sg' and 'newgrp'.

LGTM.  Now I can remove this bit from my system config:

(setuid-programs (append (list #~(string-append #$shadow "/bin/newgrp"))
                         %setuid-programs)))

[signature.asc (application/pgp-signature, inline)]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.