services: Refactor opensmtpd-set-gids.

* gnu/services/mail.scm (opensmtpd-set-gids): Rewrite using MAP technology. Change-Id: I30b7eddaf64d242196b1c56f98dec42a86436c18
2024-11-07 07:26:13 -05:00 · 2024-08-18 02:00:00 +02:00 · 2024-08-18 02:00:00 +02:00 · ed3649bcce
commit ed3649bcce
parent 79833cdbc6
1 changed files with 14 additions and 31 deletions
--- a/gnu/services/mail.scm
+++ b/gnu/services/mail.scm
@ -1743,37 +1743,20 @@ (define %opensmtpd-pam-services
 (define (opensmtpd-set-gids config)
  (match-record config <opensmtpd-configuration> (package config-file setgid-commands?)
    (if setgid-commands?
-        (list
+        (map (lambda (command)
-         (privileged-program
+               (privileged-program
-          (program (file-append package "/sbin/smtpctl"))
+                (program (file-append package "/" command))
-          (setuid? #false)
+                (setgid? #t)
-          (setgid? #true)
+                (group "smtpq")))
-          (group "smtpq"))
+             (list "sbin/smtpctl"
-         (privileged-program
+
-          (program (file-append package "/sbin/sendmail"))
+                   ;; Also privilege the compatibility symlinks created by
-          (setuid? #false)
+                   ;; the Guix opensmtpd package; all synonyms for smtpctl.
-          (setgid? #true)
+                   "sbin/mailq"
-          (group "smtpq"))
+                   "sbin/makemap"
-         (privileged-program
+                   "sbin/newaliases"
-          (program (file-append package "/sbin/send-mail"))
+                   "sbin/sendmail"
-          (setuid? #false)
+                   "sbin/send-mail"))
          (setgid? #true)
          (group "smtpq"))
         (privileged-program
          (program (file-append package "/sbin/makemap"))
          (setuid? #false)
          (setgid? #true)
          (group "smtpq"))
         (privileged-program
          (program (file-append package "/sbin/mailq"))
          (setuid? #false)
          (setgid? #true)
          (group "smtpq"))
         (privileged-program
          (program (file-append package "/sbin/newaliases"))
          (setuid? #false)
          (setgid? #true)
          (group "smtpq")))
        '())))
 (define opensmtpd-service-type