Hey, Patrick!
I agree - I prefer the minimal required permissions, too. This "issue"
(seen here:
https://bugzilla.redhat.com/show_bug.cgi?id=1120080) is because
the dude apparently had a need to add the postfix user to the opendkim
group, and without 775 permissions (or at least 770 permissions), it
doesn't seem to work. See his comment #8.
Thoughts on what he's trying to do?
SteveJ
On Thu, Mar 26, 2015 at 11:27 PM, Patrick Laimbock <patrick_at_laimbock.com>
wrote:
> Hi Steve,
>
> On 26-03-15 23:19, Steve Jenkins wrote:
>
>> List seems quiet lately...
>>
>> I posted this a while back:
>>
>> http://lists.opendkim.org/archive/opendkim/dev/2015/03/2039.html
>>
>> But didn't get any response. To recap, someone is suggesting that the
>> /var/run/opendkim directory (which holds the opendkim.pid file) be 775
>> instead of 755.
>>
>
> I have that dir as 750:
>
> drwxr-x---. 2 opendkim mail 4096 mrt 24 00:05 opendkim
>
> Apparently this helps with configs where the MTA user (sendmail,postfix,
>> etc.) is in the opendkim group.
>>
>
> I use OpenDKIM with Postfix and made that dir owned by opendkim:mail so
> don't see the issue but maybe that's just my setup.
>
> Can anyone see any security or performance issue with allowing
>> /var/run/opendkim to be 775 instead of 755?
>>
>
> I don't see why there would be any performance issues but I prefer minimal
> rights so I would go for 750 if possible.
>
> Best,
> Patrick
>
>
Received on Sun Mar 29 2015 - 05:57:57 PST