Re: OK to set /var/run/opendkim to group accessible and executable?

From: Patrick Laimbock <patrick_at_laimbock.com>
Date: Fri, 27 Mar 2015 07:27:59 +0100

Hi Steve,

On 26-03-15 23:19, Steve Jenkins wrote:
> List seems quiet lately...
>
> I posted this a while back:
>
> http://lists.opendkim.org/archive/opendkim/dev/2015/03/2039.html
>
> But didn't get any response. To recap, someone is suggesting that the
> /var/run/opendkim directory (which holds the opendkim.pid file) be 775
> instead of 755.

I have that dir as 750:

drwxr-x---. 2 opendkim mail 4096 mrt 24 00:05 opendkim

> Apparently this helps with configs where the MTA user (sendmail,postfix,
> etc.) is in the opendkim group.

I use OpenDKIM with Postfix and made that dir owned by opendkim:mail so
don't see the issue but maybe that's just my setup.

> Can anyone see any security or performance issue with allowing
> /var/run/opendkim to be 775 instead of 755?

I don't see why there would be any performance issues but I prefer
minimal rights so I would go for 750 if possible.

Best,
Patrick
Received on Fri Mar 27 2015 - 06:28:17 PST

This archive was generated by hypermail 2.3.0 : Fri Mar 27 2015 - 06:36:00 PST