opendkim permission issue ;-( please advise

Marcin Kozyra asked:

I get permission denied for run/opendkim/opendkim.soc

The owner of the files in /opendkim is opendkim:opendkim. If I change it to opendkim:postfix with chmod 770 it works, but after the restart the owner of the files goes back to opendkim:opendkim.

Adding postfix to the opendkim group gives an error that keys have multiple users assigned to them. Changing userid in postfix.conf to opendkim:postfix does not work; the files keep getting changed to opendkim:opendkim.

drwxrwxr-x. 2 opendkim opendkim 80 Jul 21 16:08 .
drwxr-xr-x. 37 root root 1180 Jul 21 16:02 ..
-rw-r--r--. 1 opendkim opendkim 5 Jul 21 16:08 opendkim.pid
srwxrwxr-x. 1 opendkim opendkim 0 Jul 21 16:08 opendkim.sock

The postfix user is part of the opendkim group.

postfix/smtps/smtpd[1486]: warning: connect to Milter service unix:/run/opendmarc/opendmarc.sock: Permission denied

Fedora 28, fully updated.

Please advise.

My answer:


The opendkim package includes a systemd-tmpfiles configuration which creates the /run/opendkim directory at startup and sets its ownership and permissions.

[[email protected] ~]# cat /etc/tmpfiles.d/opendkim.conf
D /var/run/opendkim 0700 opendkim opendkim -

According to the tutorial linked from the README.fedora shipped with the package, you’re meant to have Postfix talk to OpenDKIM over a local TCP socket on port 8891, not via its UNIX socket. So there is no need to alter the permissions of the temporary directory. You do need to alter your Postfix main.cf though:

smtpd_milters           = inet:127.0.0.1:8891

You also should return the opendkim configuration to its shipped default.

##  Create a socket through which your MTA can communicate.
Socket  inet:[email protected]

View the full question and any other answers on Server Fault.
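
An added example (not part of the original answer or the opendkim package) that models the two permission checks a UNIX-socket connect has to pass, using the tmpfiles.d line quoted in the answer and the socket mode from the question's listing. The helper names are hypothetical, and the model ignores root, ACLs and SELinux.

```python
# Added example: why a group-writable socket is still unreachable when the
# directory recreated at boot is 0700. Sample data below is constructed from
# the lines shown on this page; helper names are hypothetical.
from dataclasses import dataclass

@dataclass
class Entry:
    mode: int    # permission bits, e.g. 0o700
    owner: str
    group: str

def parse_tmpfiles_line(line):
    """Parse the first five tmpfiles.d fields: Type Path Mode User Group."""
    typ, path, mode, user, group = line.split()[:5]
    return typ, path, Entry(int(mode, 8), user, group)

def class_bits(entry, user, groups):
    """Return the rwx bits that apply to `user`: owner first, then group, then other."""
    if user == entry.owner:
        return (entry.mode >> 6) & 7
    if entry.group in groups:
        return (entry.mode >> 3) & 7
    return entry.mode & 7

def can_connect(directory, sock, user, groups):
    """connect() needs search (x) on the directory and write (w) on the socket."""
    if not class_bits(directory, user, groups) & 1:
        return False, "no search permission on directory"
    if not class_bits(sock, user, groups) & 2:
        return False, "no write permission on socket"
    return True, "ok"

# tmpfiles.d line quoted in the answer; it is re-applied at every startup.
TMPFILES = "D /var/run/opendkim 0700 opendkim opendkim -"
# Socket mode from the question's listing: srwxrwxr-x opendkim opendkim
SOCKET = Entry(0o775, "opendkim", "opendkim")

if __name__ == "__main__":
    _, path, boot_dir = parse_tmpfiles_line(TMPFILES)
    # postfix added to the opendkim group: still blocked by the 0700 directory
    print(path, can_connect(boot_dir, SOCKET, "postfix", {"postfix", "opendkim"}))
    # manual chown opendkim:postfix + chmod 770 on both: works until the restart
    manual = Entry(0o770, "opendkim", "postfix")
    print(path, can_connect(manual, manual, "postfix", {"postfix"}))
    # the daemon's own account is unaffected either way
    print(path, can_connect(boot_dir, SOCKET, "opendkim", {"opendkim"}))
```
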

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.