On 12/3/11 3:23 PM, David F. Skoll wrote:
> On Sat, 03 Dec 2011 15:18:48 -0700
> Philip Prindeville <[email protected]> wrote:
> 
>> On Fedora and Centos, I'm seeing the socket being created as
>> rwxr-x--- (0750).
> 
>> To use it with postfix as a member in the defang group, it should be
>> created as 0660 instead.
> 
> Is that patch really necessary?  Doesn't bind(2) respect the umask?
> 
> Regards,
> 
> David.

Actually, the utils.c patch can be skipped on Fedora and Centos, I think, since 
they both use smfi_opensocket().

Quoting the milter man pages:

http://docstore.mik.ua/manuals/hp-ux/en/B2355-60130/smfi_setconn.3N.html


Notes

Filters must not be run as root when communicating over UNIX/local domain 
sockets.

The permissions for UNIX/local sockets must be set to 0600 (read/write 
permission only for the owner of the socket) or 0660 (read/write permission for 
the owner and group of the socket). These permissions are useful when the 
sendmail RunAsUser option is used.

The permissions for a UNIX/local domain socket are determined using the 
umask command, which must be set to 007 or 077.

Some operating systems, such as Solaris, do not use the permissions of the 
socket. Therefore, place the socket in a protected directory in such systems.
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
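
The behaviour discussed in this thread, as an added example that is not part of the original message or of MIMEDefang's code: on Linux, bind(2) creates the socket file with mode 0777 & ~umask, so a umask of 027 gives the 0750 reported above, and landing exactly on 0660 takes an explicit chmod(2) after binding under a restrictive umask. The /tmp path, the socket name and the function names are assumptions made for the demo.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Bind a UNIX-domain socket under `mask` and return the permission bits of
 * the socket file, or -1 on error. If fix_mode is non-zero, chmod() the path
 * to that mode after bind(). The directory name is constructed for this demo;
 * mkdir() fails if the path already exists, so nothing pre-planted is reused. */
static int bound_socket_mode(mode_t mask, mode_t fix_mode)
{
    char dir[64];
    struct sockaddr_un addr;
    struct stat st;
    int fd, result = -1;
    mode_t old;

    snprintf(dir, sizeof(dir), "/tmp/sockdemo.%ld", (long)getpid());
    if (mkdir(dir, 0700) != 0)
        return -1;
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    snprintf(addr.sun_path, sizeof(addr.sun_path), "%s/milter.sock", dir);

    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd >= 0) {
        old = umask(mask);      /* umask is process-wide: restore it below */
        if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) == 0) {
            if ((fix_mode == 0 || chmod(addr.sun_path, fix_mode) == 0) &&
                stat(addr.sun_path, &st) == 0)
                result = (int)(st.st_mode & 0777);
            unlink(addr.sun_path);
        }
        umask(old);
        close(fd);
    }
    rmdir(dir);
    return result;
}

/* The milter notes quoted above allow only 0600 or 0660 on the socket. */
static int mode_is_acceptable(int mode) { return mode == 0600 || mode == 0660; }

int main(void)
{
    printf("umask 027             -> %04o\n", (unsigned)bound_socket_mode(027, 0));
    printf("umask 007             -> %04o\n", (unsigned)bound_socket_mode(007, 0));
    printf("umask 077, chmod 0660 -> %04o\n", (unsigned)bound_socket_mode(077, 0660));
    return 0;
}
```

Binding under 077 and then widening to 0660 means the socket is never more permissive than the final mode, even briefly.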
