setting unix socket mode? #2

Closed
opened 2020-06-10 14:21:51 +00:00 by pgnd · 3 comments
pgnd commented 2020-06-10 14:21:51 +00:00 (Migrated from gitlab.com)

when launched via systemd .service as

```
ExecStart=/usr/local/sbin/spamassassin-milter unix:/run/sa-milter/sa-milter.sock
```

the socket is, by default, created with 755 perms

```
ls -alR /run/sa-milter/
	/run/sa-milter/:
	total 0
	drwxrwxr-x  2 sa-milter sa-milter        60 Jun 10 07:08 ./
	drwxr-xr-x 48 root      root           1.4K Jun 10 07:09 ../
	srwxr-xr-x  1 sa-milter sa-milter         0 Jun 10 07:08 sa-milter.sock=
```

that's too loose, and iiuc, the executable's unnecessary.

how's socket mode controlled for sa-milter?

is there a start parameter?

it can be changed with an ExecStartPost in the service file

or, a .socket file can be created, but that seems unnecessarily messy.

glts commented 2020-06-10 19:08:26 +00:00 (Migrated from gitlab.com)

The milter library does not itself set socket permissions, it simply creates the file with the current umask (and user).

For systemd, you can set the umask in the service file. This is what I use:

```
[Unit]
Description=SpamAssassin Milter

[Service]
User=spamassassin-milter
UMask=007
ExecStart=/home/ubuntu/.cargo/bin/spamassassin-milter unix:/var/spool/postfix/spamassassin/spamassassin.sock
Restart=on-failure

[Install]
WantedBy=multi-user.target
```
pgnd commented 2020-06-12 16:17:10 +00:00 (Migrated from gitlab.com)

using

```
UMask = 0117
```

indeed results in intended

```
srw-rw----  1 sa-milter sa-milter    0 Jun 12 08:49 sa-milter.sock=
```
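The umask behaviour discussed in this thread, as an added example that is not part of the original issue or the project's code: on Linux a Unix socket created by `bind()` gets mode `0777 & ~umask`, which is why the three umask values seen here give `srwxr-xr-x`, `srwxrwx---` and `srw-rw----`. The scratch directory, the socket name `demo.sock` and the helper names are assumptions made for the demonstration.

```python
import os
import socket
import stat
import tempfile


def socket_mode_under_umask(mask: int) -> int:
    """Bind a Unix socket under the given umask and return its permission bits."""
    workdir = tempfile.mkdtemp(prefix="sock-umask-")  # constructed scratch directory
    path = os.path.join(workdir, "demo.sock")         # hypothetical socket name
    previous = os.umask(mask)
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as srv:
            srv.bind(path)  # the socket inode is created here, filtered by the umask
            return stat.S_IMODE(os.lstat(path).st_mode)
    finally:
        os.umask(previous)  # always restore the caller's umask
        if os.path.exists(path):
            os.unlink(path)
        os.rmdir(workdir)


def world_accessible(mode: int) -> bool:
    """True if users outside the owner and group have any access to the socket."""
    return bool(mode & stat.S_IRWXO)


if __name__ == "__main__":
    # 022 is a common default; 007 and 0117 are the UMask= values from this thread.
    for mask in (0o022, 0o007, 0o117):
        mode = socket_mode_under_umask(mask)
        listing = stat.filemode(stat.S_IFSOCK | mode)
        print(f"umask {mask:04o} -> {listing} ({mode:04o}) "
              f"world_accessible={world_accessible(mode)}")
```

`world_accessible()` can be pointed at the mode of a deployed socket (via `os.lstat`) as a post-start check that only the service user and its group can reach the milter.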
pgnd commented 2020-06-12 16:17:11 +00:00 (Migrated from gitlab.com)

closed
Reference: glts/spamassassin-milter#2