chown local socket fails
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
dkimpy-milter |
Fix Released
|
High
|
Scott Kitterman |
Bug Description
In Debian 10.1, dkimpy-
When I use a local socket, service fails to start.
The reason is we try to chwon the socket file, before its created.
Oct 24 19:47:19 localhost dkimpy-
Oct 24 19:47:19 localhost dkimpy-
Oct 24 19:47:19 localhost dkimpy-
Oct 24 19:47:19 localhost dkimpy-
Oct 24 19:47:19 localhost dkimpy-
Oct 24 19:47:19 localhost dkimpy-
Oct 24 19:47:19 localhost dkimpy-
Oct 24 19:47:19 localhost dkimpy-
I agree on the bug, but not the solution. It turns out that libmilter will handle this itself based on umask:
https:/ /www.mirbsd. org/htman/ i386/manDOCS/ milter/ smfi_setconn. html
The default uMask setting should yield an appropriately owned socket. I think we can just drop own_socketfile( milterconfig) completely. The reason why your patch appears to work is that the permissions have already been set by the time own_socketfile( milterconfig) is run. Since the milter has already dropped privileges at that point, if the socket was still root owned, it would fail.
Thanks for the feedback. There's already a pending update in Debian (to 1.0.2) that doesn't address this issue, so don't be surprised when you get an update and this isn't fixed.