Bug 1744391

Summary: opendkim socket directory permissions too restrictive
Product: [Fedora] Fedora EPEL Reporter: IanB <bugzilla.blk>
Component: opendkimAssignee: Tomas Korbar <tkorbar>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: epel7CC: anon.amish, stefano.biagiotti, steve
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: opendkim-2.11.0-0.17.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-06-24 08:37:47 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description IanB 2019-08-22 04:54:20 UTC 
Description of problem:

opendkim socket is not accessible by other users in the 'opendkim' group as /var/run/opendkim permissions are rwx------ 

This causes, for example, Postfix to error with "warning: connect to Milter service unix:/var/run/opendkim/opendkim.sock: Permission denied"

It can be temporarily fixed by changing /var/run/opendkim permissions to rwxr-x--- however these permissions are reset upon boot due to /etc/tmpfiles.d/opendkim.conf:

D /var/run/opendkim 0700 opendkim opendkim -


Version-Release number of selected component (if applicable):

opendkim-2.11.0


How reproducible:

always after reboot


Steps to Reproduce:
1. configure opendkim
2. configure Postfix to be in the 'opendkim' group and reference socket file
3. fix socket directory permissions
4. reboot server

Actual results:

socket directory permissions have been reverted to exclude Postfix from accessing socket.

Expected results:

socket directory permissions should not be reset


Additional info:
Comment 1 Fedora Admin XMLRPC Client 2020-02-06 04:14:18 UTC 
This package has changed maintainer in the Fedora.
Reassigning to the new maintainer of this component.
Comment 2 Tomas Korbar 2020-06-24 08:37:47 UTC 
Changed permissions of the folder in rawhide to 0750.
Comment 3 Fedora Update System 2020-12-18 05:07:36 UTC 
FEDORA-EPEL-2020-d4bfeb1f04 has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-d4bfeb1f04
Comment 4 Fedora Update System 2020-12-19 01:49:35 UTC 
FEDORA-EPEL-2020-d4bfeb1f04 has been pushed to the Fedora EPEL 8 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-d4bfeb1f04

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 5 Fedora Update System 2021-01-03 00:32:06 UTC 
FEDORA-EPEL-2020-d4bfeb1f04 has been pushed to the Fedora EPEL 8 stable repository.
If problem still persists, please make note of it in this bug report.