RE: opendkim-testkey: keypermissions

From: Andreas Schulze <sca_at_andreasschulze.de>
Date: Mon, 13 Sep 2010 16:29:15 +0200

>> From: Andreas Schulze <sca_at_andreasschulze.de>

>> I run opendkim as user dkim, group dkim.
>> For security reasons, I usually set restrictive permissions on keyfiles.
>> Owner: root / Group: dkim / Permissions: 0440
>>
>> opendkim-testkey warns me about WARNING: unsafe permissions
>>
>> I like the idea of having keyfiles not owned by the process users
>> but making them readable via group rights.
>>
>> Is it really safer if a process user ID owns a keyfile?

> From: Murray S. Kucherawy <msk_at_cloudmark.com>

> Opendkim doesn't know what other users might be in the "dkim" group,
> and rather than scan the password and groups file to sort that out, it simply issues that warning.
Ok, so my setup is as safe as yours if there is no other user in the group.

> Would you like to have a flag to suppress the warning?
No, I can live with a warning.

List-related problem:
I can send to the list but do not receive your responses.
I just saw your answer in the list archive.
Comparing with my logs was a bit of a pain because every mail in
http://lists.opendkim.org/archive/opendkim/dev/2010/09/index.html
is timestamped as PST. (UTC would be correct, I think.) ...

-- 
########################################################################
#
# Andreas Schulze
# https://andreasschulze.de
# 
# GnuPG Key-ID: A7DBA67F, https://andreasschulze.de/sca.asc
# GnuPG Fingerprint: 14C1 39A8 CE6D 6BE0 28C6 5652 03B5 6793 A7DB A67F
#
# $Id: .signature,v 1.3 2007-12-27 21:13:36 sca Exp $
########################################################################
Received on Mon Sep 13 2010 - 14:29:03 PST
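
The group-membership lookup that the quoted reply says opendkim does not perform, as an added example that is not part of the original thread and not OpenDKIM code: it resolves which accounts can read a group-readable key such as the root:dkim 0440 layout above. The function names and the sample passwd/group entries are constructed for illustration.

```python
import grp
import os
import pwd
import stat
from collections import namedtuple

Pw = namedtuple("Pw", "pw_name pw_uid pw_gid")
Gr = namedtuple("Gr", "gr_name gr_gid gr_mem")
# Constructed sample databases (not from the original post).
SAMPLE_PASSWD = [Pw("root", 0, 0), Pw("dkim", 110, 120), Pw("backup", 34, 34)]
GROUP_ONLY_DKIM = [Gr("dkim", 120, [])]
GROUP_SHARED = [Gr("dkim", 120, ["backup"])]


def group_readers(gid, passwd_entries, group_entries):
    """Accounts holding the group's rights: primary GID or listed member."""
    users = {p.pw_name for p in passwd_entries if p.pw_gid == gid}
    for g in group_entries:
        if g.gr_gid == gid:
            users.update(g.gr_mem)
    return users


def assess_key(mode, uid, gid, run_user, passwd_entries, group_entries):
    """Return findings for a private key with the given stat fields."""
    findings = []
    owner = next((p.pw_name for p in passwd_entries if p.pw_uid == uid), str(uid))
    if mode & stat.S_IRWXO:
        findings.append("key is accessible to users outside owner and group")
    if mode & stat.S_IWGRP:
        findings.append("key is group-writable")
    if owner not in ("root", run_user):
        findings.append(f"key is owned by unexpected user {owner}")
    if mode & stat.S_IRGRP:
        # Group read is only a problem if someone besides the daemon is in the group.
        extra = group_readers(gid, passwd_entries, group_entries) - {run_user, "root"}
        if extra:
            findings.append("other group members can read key: " + ", ".join(sorted(extra)))
    return findings


def assess_key_file(path, run_user):
    """Check a real key file against the local passwd and group databases."""
    # Assumption: all accounts are enumerable; some directory services disable that.
    st = os.stat(path)
    return assess_key(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid,
                      run_user, pwd.getpwall(), grp.getgrall())
```
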
