Re: 2.8.0 and newly strict checking

From: SM <sm_at_resistor.net>
Date: Sun, 03 Mar 2013 02:43:25 -0800

Hi Doug,
At 16:36 02-03-2013, Doug Barton wrote:
>I read the prior thread on this in the archive, but I cannot see
>where I am getting tripped up:
>
>ls -ld / /var /var/db /var/db/opendkim
>drwxr-xr-x 17 root wheel 512 Feb 16 06:05 /
>drwxr-xr-x 27 root wheel 512 Feb 16 06:06 /var
>drwxr-xr-x 13 root wheel 512 Mar 3 00:06 /var/db
>drwx------ 2 root wheel 512 Mar 3 00:02 /var/db/opendkim

The above looks fine. Here's a patch to debug a directory-related problem:

--- opendkim/opendkim.c.orig 2013-02-25 13:02:41.000000000 -0800
+++ opendkim/opendkim.c 2013-03-03 02:17:01.000000000 -0800
_at_@ -4904,7 +4904,10 @@
                 status = dkimf_checkfsnode((const char *) partial,
                                            myuid, myname, ino);
                 if (status != 1)
+ {
+ syslog(LOG_ERR, "not secure path %s", partial);
                         return status;
+ }

                 if (partial[1] != '\0')
                         strlcat(partial, "/", sizeof partial);
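
Review bot: The added syslog() call in the `if (status != 1)` branch reports every failure with the same text, "not secure path", although the branch is taken for any return value other than 1, so the log line does not show which value dkimf_checkfsnode() returned for that path component. Logging status next to partial, for example with a format such as "not secure path %s (status %d)", would make the output more useful for the debugging this patch is meant for. The caller's identity passed to the check (myuid, myname) is also in scope and worth including. As posted, the added braces and the syslog line start at column zero while the surrounding code is indented; they should line up with `return status;`.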

>ls -la /var/db/opendkim
>total 16
>drwx------ 2 root wheel 512 Mar 3 00:02 .
>drwxr-xr-x 13 root wheel 512 Mar 3 00:06 ..
>-r-------- 1 opendkim mail 887 Jan 6 06:34 dougbarton.us.private
>-r-------- 1 opendkim mail 329 Jan 6 06:34 dougbarton.us.txt
>
>id opendkim
>uid=1002(opendkim) gid=6(mail) groups=6(mail)
>
>And yet I still get this:
>
>opendkim -l -u opendkim -P /var/run/milteropendkim/pid -x
>/usr/local/etc/mail/opendkim.conf
>opendkim: /usr/local/etc/mail/opendkim.conf:
>/var/db/opendkim/dougbarton.us.private: key data is not secure
>
>I also tried ownership of opendkim:mail for /var/db/opendkim, same
>result; as well as various of root:mail root:wheel, etc. for the
>.private file itself.

Try opendkim as the owner and wheel as the group, with read/write for
the owner of dougbarton.us.private.

I'll leave it to Murray to suggest the correct fix as I could not
spot the problem between the code and the above permissions.

Regards,
-sm
Received on Sun Mar 03 2013 - 10:44:34 PST
