#18 User is in Group 80 Which Has Multiple Users

2.8.2
closed
None
5
2014-11-17
2013-11-25
No

I've compiled OpenDKIM on OS X 10.9.0, and I'm trying to get opendkim to load. Every time I run it, it spits out this error:

opendkim: /usr/local/etc/opendkim/opendkim.conf: _opendkim is in group 80 which has multiple users (e.g., "dW")

Group 80 is the admin group, and there's no way _opendkim is an administrator. I can get the program to run just fine as myself (dW), but that's not ideal.

Discussion

  • Dustin Wilson

    Dustin Wilson - 2013-11-25

    Oh, forgot to mention I have it configured to run as _opendkim:_opendkim.

     
  • Murray S. Kucherawy

    You need to make sure the keys are owned by the opendkim user, or owned by the superuser and in the opendkim user's group. In the latter case, no other user can be in the opendkim group. In any case, the keys must not be readable or writable by any other user.

    The filter requires that the user running the filter be the only user (other than the superuser) that can read or write the private keys. If a key file is in a group that has multiple members, the filter will decline to use that key; if one of the other users is compromised, the key is no longer safe to use.

    In your case, it looks like _opendkim and dW share a uid or a gid, and that's why the filter is complaining.

     
  • Murray S. Kucherawy

    • status: open --> pending
    • assigned_to: Murray S. Kucherawy
     
  • Dustin Wilson

    Dustin Wilson - 2013-11-26

    Thanks for your help. The problem is that _opendkim isn't in any groups other than its own _opendkim group and dW isn't a member of _opendkim nor does it share any uid or gids with it. I understand why OpenDKIM would gripe about this particular thing, but in my situation there isn't any way that particular scenario could exist.

    _opendkim is uid 244 and has a primary group of gid 245 (_opendkim) but is not a member of any other group including gid 80 (admin).
    dW is uid 501 and is a member of gid 20 (staff) but is also a member of gid 80 (admin) but is not a member of _opendkim.

    I can chown the private key to root:admin and run OpenDKIM as dW just fine, so if _opendkim really was a member of admin it would be griping about that.

     
  • Murray S. Kucherawy

    Sorry, I missed the notification that you had replied.

    What are the owner/group and permissions of the key file? The error message you're getting is given when the key file has the group read/write bits set (either or both), and the group of the key file contains multiple users.

    The error message is also saying the key file is called "_opendkim" (rather than a full path to a key file), so I wonder if there's a configuration problem someplace. Could you attach your opendkim.conf file?

     
  • Murray S. Kucherawy

    ping?

     
  • Murray S. Kucherawy

    Abandoned.

     
  • Murray S. Kucherawy

    • status: pending --> closed
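
The key-file rule described in the replies above (owner must be the filter user or the superuser, no access for others, and a group with read/write access must not contain any other user), as an added Python example that is not OpenDKIM's own code and not part of the original thread. The function names are hypothetical, and the logic follows only what the replies state, not the filter's C source.

```python
# Added example, not OpenDKIM's code. Function names are hypothetical.
import grp
import os
import pwd
import stat


def group_member_uids(gid):
    """UIDs that have `gid` as primary group or are listed as its members."""
    uids = {p.pw_uid for p in pwd.getpwall() if p.pw_gid == gid}
    try:
        names = grp.getgrgid(gid).gr_mem
    except KeyError:
        names = []  # gid has no group entry
    for name in names:
        try:
            uids.add(pwd.getpwnam(name).pw_uid)
        except KeyError:
            pass  # member name without a passwd entry
    return uids


def check_key(mode, owner_uid, group_gid, run_uid, members):
    """Apply the thread's rule to one key file and return a list of findings.

    members: UIDs belonging to the key file's group (see group_member_uids).
    """
    findings = []
    if owner_uid not in (0, run_uid):
        findings.append("owner is neither the filter user nor root")
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        findings.append("readable or writable by other")
    # Group membership only matters when the group can read or write the key.
    if mode & (stat.S_IRGRP | stat.S_IWGRP):
        extra = sorted(members - {0, run_uid})
        if extra:
            findings.append("group %d has other users: %s" % (group_gid, extra))
    return findings


def check_key_file(path, run_user):
    """Stat a real key file and check it for the named filter user."""
    st = os.stat(path)
    run_uid = pwd.getpwnam(run_user).pw_uid
    return check_key(st.st_mode, st.st_uid, st.st_gid, run_uid,
                     group_member_uids(st.st_gid))
```

With the IDs quoted in the thread (uid 244 for _opendkim, uid 501 for dW, gid 80 for admin) and a constructed membership of root plus dW for gid 80, a root:admin key with mode 0640 is flagged when the filter runs as uid 244 and passes when it runs as uid 501.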
     
