Next: , Previous: , Up: System Configuration   [Contents][Index]

12.10 Setuid Programs

Some programs need to run with elevated privileges, even when they are launched by unprivileged users. A notorious example is the passwd program, which users can run to change their password, and which needs to access the /etc/passwd and /etc/shadow files—something normally restricted to root, for obvious security reasons. To address that, passwd should be setuid-root, meaning that it always runs with root privileges (see How Change Persona in The GNU C Library Reference Manual, for more info about the setuid mechanism).

The store itself cannot contain setuid programs: that would be a security issue since any user on the system can write derivations that populate the store (see The Store). Thus, a different mechanism is used: instead of changing the setuid or setgid bits directly on files that are in the store, we let the system administrator declare which programs should be entrusted with these additional privileges.

The setuid-programs field of an operating-system declaration contains a list of <setuid-program> denoting the names of programs to have a setuid or setgid bit set (see Using the Configuration System). For instance, the mount.nfs program, which is part of the nfs-utils package, with a setuid root can be designated like this: 

(setuid-program
  (program (file-append nfs-utils "/sbin/mount.nfs")))

And then, to make mount.nfs setuid on your system, add the previous example to your operating system declaration by appending it to %setuid-programs like this: 

(operating-system
  ;; Some fields omitted...
  (setuid-programs
    (append (list (setuid-program
                    (program (file-append nfs-utils "/sbin/mount.nfs"))))
            %setuid-programs)))
Data Type: setuid-program

This data type represents a program with a setuid or setgid bit set.

program

A file-like object having its setuid and/or setgid bit set.

setuid? (default: #t)

Whether to set user setuid bit.

setgid? (default: #f)

Whether to set group setgid bit.

user (default: 0)

UID (integer) or user name (string) for the user owner of the program, defaults to root.

group (default: 0)

GID (integer) goup name (string) for the group owner of the program, defaults to root.

A default set of setuid programs is defined by the %setuid-programs variable of the (gnu system) module.

Scheme Variable: %setuid-programs

A list of <setuid-program> denoting common programs that are setuid-root.

The list includes commands such as passwd, ping, su, and sudo.

Under the hood, the actual setuid programs are created in the /run/setuid-programs directory at system activation time. The files in this directory refer to the “real” binaries, which are in the store.

Next: X.509 Certificates, Previous: Services, Up: System Configuration   [Contents][Index]