Document DKIM support and fix permissions bug #27
d5266ed to c661e86
Thank you for the pull request. I particularly appreciate the enrichment of the documentation. I would prefer, however, instead of changing permissions on the fly, to have the file directly with the right permissions. For this to work, the file should have group id
My suggestion, therefore, is to add two extra steps to the documentation (after generating the keys):
    chown :101 rsa.private
    chmod 640 rsa.private
Thanks for the fast review and for maintaining this useful container! I had considered the approach you suggested and decided against it because openssl writes rsa.private with 600 (as recommended at http://linuxcommand.org/lc3_man_pages/ssh1.html). Given that, weakening the permissions outside the container seems unnecessarily less secure, no?
Hi again, Thinking about this:
The approach with the bind mount will actually change the permissions of the file on disk, if implemented like this. I'll make a suggestion to the code, to handle this differently. Basically, if a certain file exists at start, to copy it with the right permissions inside the container.
README.md
Outdated
image: "ixdotai/smtp" | ||
volumes: | ||
- ./config/ixdotai-smtp/config:/etc/exim4/_docker_additional_macros:ro | ||
- ./config/ixdotai-smtp/rsa.private:/etc/exim4/domain.key |
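Review bot: the key mount on the last line (`./config/ixdotai-smtp/rsa.private:/etc/exim4/domain.key`) is read-write, while the config mount above it carries `:ro`. Since this file is the DKIM private key, either document why it must be writable from inside the container, or mount it read-only and have the entrypoint work on a copy, so the container cannot alter the key or its mode on the host.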
- ./config/ixdotai-smtp/rsa.private:/etc/exim4/domain.key | |
- ./config/ixdotai-smtp/rsa.private:/etc/exim4/private.key |
entrypoint.sh
Outdated
if [ -f /etc/exim4/domain.key ]; then | ||
chgrp Debian-exim /etc/exim4/domain.key | ||
chmod 640 /etc/exim4/domain.key | ||
fi |
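Review bot: `chgrp Debian-exim` and `chmod 640` run against /etc/exim4/domain.key, which the README mounts straight from the host, so the entrypoint rewrites the group and mode of the host's rsa.private rather than of a container-local file. The group name also resolves to whatever gid Debian-exim has in the image, which can correspond to an unrelated group on the host. Consider leaving the mounted file untouched and applying the ownership and mode to a copy inside the container.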
if [ -f /etc/exim4/domain.key ]; then | |
chgrp Debian-exim /etc/exim4/domain.key | |
chmod 640 /etc/exim4/domain.key | |
fi | |
if [ -f /etc/exim4/private.key ]; then | |
cp /etc/exim4/private.key /etc/exim4/domain.key | |
chown :101 /etc/exim4/domain.key | |
chmod 640 /etc/exim4/domain.key | |
fi |
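Review bot: in the added block, `cp /etc/exim4/private.key /etc/exim4/domain.key` creates the copy with a mode derived from the source file and the umask, and only the later `chmod 640` sets the intended mode, so a source key that is more permissive than 640 leaves a briefly wider copy of the private key. Creating the file with its final group and mode in one command, for example `install -g 101 -m 640 /etc/exim4/private.key /etc/exim4/domain.key`, avoids that window. The numeric gid 101 also replaces the `Debian-exim` name used in the removed lines; a short comment saying which group 101 is would help if the image's gid ever changes.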
I've force pushed some further changes to make it easier for users to implement. Just one mount and one ENV variable. I don't love appending
Thank you again, I'm quite happy with the solution.
Released in v0.5.0
Closes #26.
I've confirmed that the instructions and bash if block work on my container, but I have not tested a fresh end-to-end configuration.