services: sogogi: Don't run service as root.

Instead, run it as the created sogogi user. Since sogogi doesn't drop privileges by itself this requires explicitly passing the users and group via make-forkexec-constructor, which was overlooked here. Without this patch, the account created by sogogi-account-service is just not used at all, which is not what was intended here. * gnu/services/web.scm (sogogi-shepherd-service): Pass #:user as well as #:group to make-forkexec-constructor. Change-Id: Ifcb4291090e1aa6a43502c9ed581b0b0ff68a1b4 Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
author: Sören Tempel <soeren+git@soeren-tempel.net> 2026-04-23 20:59:24 +0200
committer: Liliana Marie Prikler <liliana.prikler@gmail.com> 2026-05-01 07:46:47 +0200
commit: bdd1a6655d1984538d13722ec352dd978af8384e (patch)
tree: e50db8d6759435edde0bda0808ebb66fca8a02d5
parent: e37f6d8986e2d6f34f56e8217d1010543ad6b5f3 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index 4d2f78bee1..6f314acad6 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -2293,7 +2293,8 @@ WSGIPassAuthorization On
             (actions (list (shepherd-configuration-action config-file)))
             (start #~(make-forkexec-constructor
                        (list (string-append #$sogogi "/bin/sogogi")
-                             "-config" #$config-file)))
+                             "-config" #$config-file)
+                       #:user "sogogi" #:group "sogogi"))
             (stop #~(make-kill-destructor))))))
 
 (define sogogi-account-service
author	Sören Tempel <soeren+git@soeren-tempel.net>	2026-04-23 20:59:24 +0200
committer	Liliana Marie Prikler <liliana.prikler@gmail.com>	2026-05-01 07:46:47 +0200
commit	bdd1a6655d1984538d13722ec352dd978af8384e (patch)
tree	e50db8d6759435edde0bda0808ebb66fca8a02d5
parent	e37f6d8986e2d6f34f56e8217d1010543ad6b5f3 (diff)