Diffstat (limited to 'tw')
-rw-r--r--tw/services/mail.scm13
1 files changed, 9 insertions, 4 deletions
diff --git a/tw/services/mail.scm b/tw/services/mail.scm
index 2eb5c435..59cb1bf2 100644
--- a/tw/services/mail.scm
+++ b/tw/services/mail.scm
@@ -16,12 +16,17 @@
(define-configuration/no-serialization mta-configuration
(host-name string "The system's host name, which is needed by nullmailer.")
(user (string "mail") "The UNIX user name to allocate for the MTA.")
+ ;; Setuid programs are created before user accounts. When we first activate
+ ;; this service, the "mail" user does not exist and if we try to make
+ ;; `privileged-program' use it as a string, it fails.
+ (user-id (integer 469) "The user ID of the UNIX user to create. This ID
+must be known in order to install the setuid programs.")
(group (string "mail") "The UNIX user group to allocate for the MTA."))
(define (mta-accounts config)
- (match-record config <mta-configuration> (user group)
+ (match-record config <mta-configuration> (user user-id group)
(list (user-account
- (name user) (group group) (system? #t)
+ (name user) (group group) (uid user-id) (system? #t)
(comment "Nullmailer daemon user")
(home-directory "/var/spool/nullmailer")
(shell (file-append shadow "/sbin/nologin")))
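Review bot: The fixed default of 469 for `user-id` is only safe when that ID is unallocated and the "mail" account is created fresh. On a host where "mail" already exists with another UID, or where 469 already belongs to another account, the `(uid user-id)` request in `mta-accounts` may not take effect (I believe account activation keeps the UID of an existing passwd entry; this should be confirmed). The setuid programs would then be owned by a different user than the one that owns the nullmailer queue. The doc string should state the constraint, for example `This ID must not be used by any other account and must equal the UID of an already-existing mail user, because the setuid programs are owned by this number rather than by the user name.` A short migration note for already-deployed machines would also help.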
@@ -37,11 +42,11 @@
;; Allow any user to send mail. This also prevents annoying failures
;; when root tries to send mail, since nullmailer-send cannot read the
;; messages it puts in the queue with 0600 permissions.
- (match-record config <mta-configuration> (user)
+ (match-record config <mta-configuration> (user-id)
(map (lambda (prog)
(privileged-program
(program (file-append nullmailer prog))
- (setuid? #t) (user user)))
+ (setuid? #t) (user user-id)))
'("/sbin/sendmail" "/bin/mailq"))))
(define (mta-shepherd-services config)
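Review bot: `(user user-id)` makes a bare number the owner of two setuid binaries, and the field type `integer` accepts any integer, so a configuration with `(user-id 0)` would quietly install sendmail and mailq setuid-root. A dedicated predicate on the field would reject that at configuration time, for example `(define (unprivileged-uid? n) (and (exact-integer? n) (positive? n)))` with the field declared as `(user-id (unprivileged-uid 469) ...)`. The head of the enclosing procedure is outside this hunk, and the field itself is declared in the first hunk.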