[Mimedefang] Patch: set rw-rw---- (0660) on mimedefang.sock
philipp_subx at redfish-solutions.com
Sat Dec 3 20:48:35 EST 2011
On 12/3/11 3:23 PM, David F. Skoll wrote:
> On Sat, 03 Dec 2011 15:18:48 -0700
> Philip Prindeville <philipp_subx at redfish-solutions.com> wrote:
>> On Fedora and Centos, I'm seeing the socket being created as
>> rwxr-x--- (0750).
>> To use it with postfix as a member in the defang group, it should be
>> created as 0660 instead.
> Is that patch really necessary? Doesn't bind(2) respect the umask?
Actually, the utils.c patch can be skipped on Fedora and Centos, I think, since they both use smfi_opensocket().
Quoting the milter man pages:
Filters must not be run as root when communicating over UNIX/local domain sockets.
The permissions for UNIX/local sockets must be set to 0600 (read/write permission only for the owner of the socket) or 0660 (read/write permission for the owner and group of the socket). These permissions are useful when the sendmail RunAsUser option is used.
The permissions for a UNIX/local domain socket are determined using the umask command, which must be set to 007 or 077.
Some operating systems, such as Solaris, do not use the permissions of the socket. Therefore, place the socket in a protected directory in such systems.
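
The question raised in this thread, whether bind(2) respects the umask, can be checked directly. The following is an added example, not part of the original message and not MIMEDefang code; it assumes Linux, where a socket file is created with all permission bits enabled except those the umask turns off. The function name `bound_socket_mode` and the scratch path are made up for this illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for mkdtemp() under strict -std modes */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Bind an AF_UNIX socket under `mask`; if `force` is non-zero, chmod the path to it.
 * Returns the permission bits of the socket file, or (mode_t)-1 on error. */
mode_t bound_socket_mode(mode_t mask, mode_t force)
{
    char dir[] = "/tmp/sockdemoXXXXXX";   /* constructed scratch directory */
    struct sockaddr_un addr;
    struct stat st;
    mode_t result = (mode_t)-1;

    if (mkdtemp(dir) == NULL)             /* private 0700 directory */
        return result;
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    snprintf(addr.sun_path, sizeof(addr.sun_path), "%s/demo.sock", dir);

    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    mode_t old = umask(mask);             /* umask in effect at bind() time */
    if (fd >= 0 && bind(fd, (struct sockaddr *)&addr, sizeof(addr)) == 0) {
        if (force == 0 || chmod(addr.sun_path, force) == 0)
            if (stat(addr.sun_path, &st) == 0)
                result = st.st_mode & 0777;
        unlink(addr.sun_path);
    }
    umask(old);
    if (fd >= 0) close(fd);
    rmdir(dir);
    return result;
}

int main(void)
{
    printf("umask 027         -> %04o\n", (unsigned)bound_socket_mode(027, 0));
    printf("umask 007         -> %04o\n", (unsigned)bound_socket_mode(007, 0));
    printf("umask 007 + chmod -> %04o\n", (unsigned)bound_socket_mode(007, 0660));
    return 0;
}
```

Under these assumptions a umask of 027 reproduces the rwxr-x--- (0750) mode reported above, a umask of 007 alone gives 0770, and an exact 0660 needs either an explicit chmod after bind or a umask of 0117.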