Bug#851141: opendkim: please set umask to something other than the default of 0022 in systemd serice

Thu, 12 Jan 2017 03:36:29 -0800 

Package: opendkim
Version: 2.11.0~alpha-8
Severity: normal
Tags: patch


The below patch sets the umask to 0007 which permits the opendkim.conf umask
directive to allow group access to the socket file.  The default that systemd
uses is 0022 which means that group write access is denied to the socket which
prevents postfix from connecting.

Another option would be umask 0000 and allow opendkim full control over the
permissions on it's socket files.  But people who don't use SE Linux or some
other MAC system might not appreciate that.

--- opendkim.service    2017-01-12 21:41:27.638083007 +1100
+++ /lib/systemd/system/opendkim.service        2017-01-12 21:41:45.614359514 
+1100
@@ -7,6 +7,7 @@
 Type=forking
 PIDFile=/var/run/opendkim/opendkim.pid
 User=opendkim
+UMask=0007
 ExecStart=/usr/sbin/opendkim -P /var/run/opendkim/opendkim.pid -p 
local:/var/run/opendkim/opendkim.sock
 Restart=on-failure
 ExecReload=/bin/kill -USR1 $MAINPID

-- System Information:
Debian Release: stretch/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.8.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages opendkim depends on:
ii  adduser              3.115
ii  dns-root-data        2015052300+h+1
ii  init-system-helpers  1.46
ii  libbsd0              0.8.3-1
ii  libc6                2.24-8
ii  libdb5.3             5.3.28-12
ii  libldap-2.4-2        2.4.44+dfsg-2
ii  liblua5.1-0          5.1.5-8.1+b2
ii  libmemcached11       1.0.18-4.1
ii  libmemcachedutil2    1.0.18-4.1
ii  libmilter1.0.1       8.15.2-8
ii  libopendbx1          1.4.6-11
ii  libopendkim11        2.11.0~alpha-8
ii  librbl1              2.11.0~alpha-8
ii  libssl1.1            1.1.0c-2
ii  libunbound2          1.6.0-2
ii  libvbr2              2.11.0~alpha-8
ii  lsb-base             9.20161125

opendkim recommends no packages.

Versions of packages opendkim suggests:
ii  opendkim-tools  2.11.0~alpha-8
pn  unbound         <none>

-- Configuration Files:
/etc/default/opendkim changed [not included]
/etc/opendkim.conf changed [not included]

-- no debconf information

-- debsums errors found:
debsums: changed file /lib/systemd/system/opendkim.service (from opendkim 
package)
debsums: changed file /usr/lib/tmpfiles.d/opendkim.conf (from opendkim package)

Reply via email to