On Mon, 25 Jun 2007, Mike Markley wrote: > My other question: chmod vs. umask? My primary concern with using umask > to force the socket to be group-writable is that it (should) impact any > other file the filter creates, including stats and debug files, but that > sounds like a pretty low risk to me. Having never run a Milter under > Postfix, I have no idea what best practice is (although I did note at > least one vote in favor of chmod).
The socket is created using only umask by the bind() call in listener.c. The only other files created are: - temp files in libdkim, if needed because DKIM_LIBFLAGS_TMPFILES or DKIM_LIBFLAGS_KEEPFILES is set; these are created by a call to mkstemp() which (according to the man pages) forces the mode to 0600 so the umask doesn't matter - the cache database in libdkim, if _FFR_QUERY_CACHE is enabled and the cache gets big enough to require a backing store file be created; it's unclear whether the mode of this is forced to 0600 or not (I think it is), but nothing other than dkim-filter needs to access this (and I believe it's unlinked immediately on creation anyway) - the stats database in dkim-filter, which must be created with permissions such that someone running dkim-stats can read the database If we can come up with a use case in which the current implementation is insufficient, I can possibly justify a patch of some kind to libmilter. ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ dkim-milter-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dkim-milter-discuss
