> -----Original Message-----
> From: Howard Chu
> Sent: Tuesday, September 28, 2021 4:09 PM
>
> Jason Pyeron wrote:
> > I am trying to understand why group and other permissions are set to 6.
>
> On some platforms the permission bits on sockets are completely ignored. The
> only way to control access is thru the permissions of the containing
> directory.

From that logic, 0600 is "much safer" when it is possible, and no worse when
it is ignored. I would assume it is the responsibility of the distribution or
systems administrator to ensure the parent directory is secure. But even then
if a path traversal is allowed, 0666 is begging to be a potential for abuse.

> >
> > Would it not be best if it were 0600? Are there side effects of doing so?

Maybe the above explains better why I asked if there are side effects postfix
is concerned with if 0600 is used.

> >
> > $ cat src/util/unix_listen.c -n
> > …
> > 95 #ifdef FCHMOD_UNIX_SOCKETS
> > 96     if (fchmod(sock, 0666) < 0)
> > 97         msg_fatal("fchmod socket %s: %m", addr);
> > 98 #else
> > 99     if (chmod(addr, 0666) < 0)
> > 100         msg_fatal("chmod socket %s: %m", addr);
> > 101 #endif

-Jason
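
The two controls discussed in this message (the mode of the containing directory and the mode of the socket itself) can be applied together. The following is an added example, not part of the e-mail and not Postfix code; `private_unix_listen` and `path_mode` are hypothetical names, and it assumes the caller creates the directory beforehand.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Hypothetical helper: listen on dir/name, using the directory as the
 * portable access gate and 0600 on the socket as a second layer. */
int private_unix_listen(const char *dir, const char *name)
{
    struct sockaddr_un sun;
    struct stat st;
    int sock;

    /* Refuse a directory that is a symlink, not ours, or open to
     * group/other: on platforms that ignore socket modes this check
     * is the only effective control. */
    if (lstat(dir, &st) < 0 || !S_ISDIR(st.st_mode)
        || st.st_uid != geteuid() || (st.st_mode & 077) != 0)
        return -1;

    memset(&sun, 0, sizeof(sun));
    sun.sun_family = AF_UNIX;
    if (snprintf(sun.sun_path, sizeof(sun.sun_path), "%s/%s", dir, name)
        >= (int) sizeof(sun.sun_path))
        return -1;                        /* path would be truncated */

    if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
        return -1;
    (void) unlink(sun.sun_path);          /* remove a stale socket */
    /* bind() creates the node with a umask-derived mode; the 0700
     * directory covers the window until chmod() tightens it. */
    if (bind(sock, (struct sockaddr *) &sun, sizeof(sun)) < 0
        || chmod(sun.sun_path, 0600) < 0
        || listen(sock, 16) < 0) {
        close(sock);
        return -1;
    }
    return sock;
}

/* Permission bits of path, or -1 on error. */
int path_mode(const char *path)
{
    struct stat st;
    return lstat(path, &st) < 0 ? -1 : (int) (st.st_mode & 07777);
}
```
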