Diffstat (limited to 'doc/guix.texi')
-rw-r--r-- | doc/guix.texi | 34 |
1 files changed, 17 insertions, 17 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index 96d545698f..2aef0380fb 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -96,10 +96,9 @@ Copyright @copyright{} 2021 Domagoj Stolfa@* Copyright @copyright{} 2021 Hui Lu@* Copyright @copyright{} 2021 pukkamustard@* Copyright @copyright{} 2021 Alice Brenon@* -Copyright @copyright{} 2021 Josselin Poiret@* +Copyright @copyright{} 2021, 2022 Josselin Poiret@* Copyright @copyright{} 2021 Andrew Tropin@* Copyright @copyright{} 2021 Sarah Morgensen@* -Copyright @copyright{} 2021 Josselin Poiret@* Copyright @copyright{} 2022 Remco van 't Veer@* Copyright @copyright{} 2022 Aleksandr Vityazev@* Copyright @copyright{} 2022 Philip M@sup{c}Grath@* @@ -339,7 +338,7 @@ System Configuration * Keyboard Layout:: How the system interprets key strokes. * Locales:: Language and cultural convention settings. * Services:: Specifying system services. -* Setuid Programs:: Programs running with root privileges. +* Setuid Programs:: Programs running with elevated privileges. * X.509 Certificates:: Authenticating HTTPS servers. * Name Service Switch:: Configuring libc's name service switch. * Initial RAM Disk:: Linux-Libre bootstrapping. @@ -15414,7 +15413,7 @@ instance to support new system services. * Keyboard Layout:: How the system interprets key strokes. * Locales:: Language and cultural convention settings. * Services:: Specifying system services. -* Setuid Programs:: Programs running with root privileges. +* Setuid Programs:: Programs running with elevated privileges. * X.509 Certificates:: Authenticating HTTPS servers. * Name Service Switch:: Configuring libc's name service switch. * Initial RAM Disk:: Linux-Libre bootstrapping. 
@@ -25543,10 +25542,10 @@ The complete set of available configuration options is detailed below. Available @code{jami-configuration} fields are: @table @asis -@item @code{jamid} (default: @code{libjami}) (type: package) +@item @code{libjami} (default: @code{libjami}) (type: package) The Jami daemon package to use. -@item @code{dbus} (default: @code{dbus}) (type: package) +@item @code{dbus} (default: @code{dbus-for-jami}) (type: package) The D-Bus package to use to start the required D-Bus session. @item @code{nss-certs} (default: @code{nss-certs}) (type: package) @@ -35202,11 +35201,11 @@ that compression will be 2:1, it is possible that uncompressable data can be written to swap and this is a method to limit how much memory can be used. It accepts a string and can be a number of bytes or use a suffix, eg.: @code{"2G"}. -@item @code{priority} (default @code{-1}) +@item @code{priority} (default @code{#f}) This is the priority of the swap device created from the zram device. -@code{swapon} accepts values between -1 and 32767, with higher values -indicating higher priority. Higher priority swap will generally be used -first. +@xref{Swap Space} for a description of swap priorities. You might want +to set a specific priority for the zram device, otherwise it could end +up not being used much for the reasons described there. @end table @end deftp 
@@ -35755,22 +35754,23 @@ Extra command line options for @code{nix-service-type}. @section Setuid Programs @cindex setuid programs -Some programs need to run with ``root'' privileges, even when they are +@cindex setgid programs +Some programs need to run with elevated privileges, even when they are launched by unprivileged users. A notorious example is the @command{passwd} program, which users can run to change their password, and which needs to access the @file{/etc/passwd} and @file{/etc/shadow} files---something normally restricted to root, for -obvious security reasons. To address that, these executables are -@dfn{setuid-root}, meaning that they always run with root privileges +obvious security reasons. To address that, @command{passwd} should be +@dfn{setuid-root}, meaning that it always runs with root privileges (@pxref{How Change Persona,,, libc, The GNU C Library Reference Manual}, for more info about the setuid mechanism). The store itself @emph{cannot} contain setuid programs: that would be a security issue since any user on the system can write derivations that populate the store (@pxref{The Store}). Thus, a different mechanism is -used: instead of changing the setuid bit directly on files that are in -the store, we let the system administrator @emph{declare} which programs -should be setuid root. +used: instead of changing the setuid or setgid bits directly on files that +are in the store, we let the system administrator @emph{declare} which +programs should be entrusted with these additional privileges. The @code{setuid-programs} field of an @code{operating-system} declaration contains a list of @code{<setuid-program>} denoting the 
@@ -38000,7 +38000,7 @@ pointing to the given file. @defvr {Scheme Variable} setuid-program-service-type Type for the ``setuid-program service''. This service collects lists of executable file names, passed as gexps, and adds them to the set of -setuid-root programs on the system (@pxref{Setuid Programs}). +setuid and setgid programs on the system (@pxref{Setuid Programs}). @end defvr @defvr {Scheme Variable} profile-service-type |
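Review bot: in the zram `priority` item, the new line `@xref{Swap Space} for a description of swap priorities.` lacks the comma or period that Texinfo requires immediately after an `@xref`; write `@xref{Swap Space}, for a description of swap priorities.` instead. The same item changes the default to `#f` without saying what `#f` means for the zram device, and it drops the accepted range (-1 to 32767) that the old text gave. One clause stating the effect of leaving the field at `#f` would let readers understand the default without following the cross-reference.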
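Review bot: in the Setuid Programs section, setgid is introduced by the new `@cindex setgid programs` entry and by "the setuid or setgid bits", but the opening paragraph still defines only `@dfn{setuid-root}` through the `passwd` example, so the index entry points at text that never explains the term. Add a short definition of setgid next to the setuid-root one, and, if the declaration can now grant a user or group other than root, say so explicitly, because "elevated privileges" followed by a root-only example still reads as root-only. The administrator-facing point of the last paragraph (privileged bits are never set on store files, only on declared programs) is worth keeping as prominent as it was.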
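Review bot: in the `setuid-program-service-type` entry, the unchanged sentence still says the service "collects lists of executable file names, passed as gexps", while the Setuid Programs section touched by this same patch describes the field as a list of `<setuid-program>`. With the last line now reading "setuid and setgid programs", a bare file name cannot express which of the two bits is meant, so the two descriptions should be reconciled in this change: state what the service actually collects and how setgid is selected.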