From bdd1a6655d1984538d13722ec352dd978af8384e Mon Sep 17 00:00:00 2001
From: Sören Tempel <soeren+git@soeren-tempel.net>
Date: Thu, 23 Apr 2026 20:59:24 +0200
Subject: services: sogogi: Don't run service as root.

Instead, run it as the created sogogi user. Since sogogi doesn't drop
privileges by itself this requires explicitly passing the users and
group via make-forkexec-constructor, which was overlooked here.

Without this patch, the account created by sogogi-account-service
is just not used at all, which is not what was intended here.

* gnu/services/web.scm (sogogi-shepherd-service): Pass #:user as well
as #:group to make-forkexec-constructor.

Change-Id: Ifcb4291090e1aa6a43502c9ed581b0b0ff68a1b4
Signed-off-by: Liliana Marie Prikler <liliana.prikler@gmail.com>
---
 gnu/services/web.scm | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index 4d2f78bee1..6f314acad6 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -2293,7 +2293,8 @@ WSGIPassAuthorization On
             (actions (list (shepherd-configuration-action config-file)))
             (start #~(make-forkexec-constructor
                        (list (string-append #$sogogi "/bin/sogogi")
-                             "-config" #$config-file)))
+                             "-config" #$config-file)
+                       #:user "sogogi" #:group "sogogi"))
             (stop #~(make-kill-destructor))))))
 
 (define sogogi-account-service
-- 
cgit v1.3