Next: X.509 Certificates, Previous: Services, Up: System Configuration [Contents][Index]
Some programs need to run with “root” privileges, even when they are
launched by unprivileged users. A notorious example is the passwd
program, which users can run to change their password, and which needs to
access the /etc/passwd and /etc/shadow files—something
normally restricted to root, for obvious security reasons. To address that,
these executables are setuid-root, meaning that they always run with
root privileges (see How Change Persona in The GNU C Library
Reference Manual, for more info about the setuid mechanism).
The store itself cannot contain setuid programs: that would be a security issue, since any user on the system can write derivations that populate the store (see The Store). Thus, a different mechanism is used: instead of changing the setuid bit directly on files that are in the store, we let the system administrator declare which programs should be setuid root.
The setuid-programs field of an operating-system declaration contains a list of <setuid-program> records denoting the names of programs to have a setuid or setgid bit set (see Using the Configuration System).
For instance, the mount.nfs program, which is part of the nfs-utils package, can be designated as setuid root like this:

     (setuid-program (program (file-append nfs-utils "/sbin/mount.nfs")))
And then, to make mount.nfs setuid on your system, add the previous example to your operating system declaration by appending it to %setuid-programs, like this:

     (operating-system
       ;; Some fields omitted...
       (setuid-programs
        (append (list (setuid-program
                       (program (file-append nfs-utils "/sbin/mount.nfs"))))
                %setuid-programs)))
Data Type: setuid-program

This data type represents a program with a setuid or setgid bit set.

program
    A file-like object having its setuid and/or setgid bit set.

setuid? (default: #t)
    Whether to set the user setuid bit.

setgid? (default: #f)
    Whether to set the group setgid bit.

user (default: 0)
    UID (integer) or user name (string) for the user owner of the program; defaults to root.

group (default: 0)
    GID (integer) or group name (string) for the group owner of the program; defaults to root.
A default set of setuid programs is defined by the %setuid-programs variable of the (gnu system) module.

Scheme Variable: %setuid-programs

A list of <setuid-program> records denoting common programs that are setuid-root. The list includes commands such as passwd, ping, su, and sudo.
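As an added illustration of the non-default fields (not an example from the Guix manual itself), the fragment below grants a program the setgid bit for a named group instead of making it setuid root, and appends it to the defaults. It assumes that the setuid-program record lives in the (gnu system setuid) module; example-helper and its path are placeholders standing in for a real package.

```scheme
;; Added example, not from the Guix manual: a least-privilege variant of
;; the setuid-program record. Instead of setuid root, the binary only gains
;; the "users" group's privileges, so a flaw in it does not yield root.
(use-modules (gnu)
             (gnu system setuid)) ; assumed location of <setuid-program>

;; Placeholder package variable; substitute a real package here.
(define example-helper #f)

(define %setgid-only-programs
  (list
   (setuid-program
    (program (file-append example-helper "/bin/example-helper"))
    (setuid? #f)          ; do NOT set the user setuid bit
    (setgid? #t)          ; only the group setgid bit is set
    (user "root")         ; file owner; irrelevant without the setuid bit
    (group "users"))))    ; group whose privileges the program inherits

(operating-system
  ;; Other fields omitted...
  ;; Keep the distribution defaults (passwd, su, sudo, ...) and add ours.
  (setuid-programs (append %setgid-only-programs
                           %setuid-programs)))
```

After reconfiguring, the resulting wrapper in /run/setuid-programs should show mode 2xxx (setgid) rather than 4xxx (setuid) when listed with ls -l, which is a quick way to verify the declaration did what was intended.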
Under the hood, the actual setuid programs are created in the /run/setuid-programs directory at system activation time. The files in this directory refer to the “real” binaries, which are in the store.