[Mimedefang] Clamd permissions on Centos with mimedefang

Philip Prindeville philipp_subx at redfish-solutions.com
Mon Jan 16 15:50:28 EST 2012


I'm confused.  So your patch adds:

    mode_t my_umask = 077;
...
        switch (c) {
        case 'G':
            my_umask = 007;
            break;
...

but then you have:

    umask(my_umask);
    (void) smfi_opensocket(1);
    umask(077);

so you then undo whatever configurability "my_umask" might have given via the -G option.

Why not just remove the:

    umask(077);

altogether and leave the "my_umask" permissions in effect permanently?  Or better yet, change it to:

    umask(my_umask);
    (void) smfi_opensocket(1);
    my_umask |= 020;
    umask(my_umask);

and have the socket be group-writable, but leave the spool files being group-readable?

-Philip


On 1/13/12 4:44 PM, David F. Skoll wrote:
> On Sun, 15 Jan 2012 13:53:38 -0700
> Philip Prindeville <philipp_subx at redfish-solutions.com> wrote:
> 
>> Quoting mkdir(2):
> 
> No need... I get it.  My point is I don't want to make the
> files group-readable by default.  I only want it to happen if the
> -G flag is given, and that's the change I've committed internally
> and that will be in the next release (or next beta.)



More information about the MIMEDefang mailing list