Systemd unit only applies User, Group & RuntimeDirectoryMode settings on service restart
Clash Royale CLAN TAG#URR8PPP
up vote
1
down vote
favorite
I'm using Fedora 28 x64 on a VPS. I've setup postfix as send-only mail server with OpenDKIM for signing outgoing emails.
Postfix connects to OpenDKIM via unix socket setup on /run/opendkim/opendkim.sock
Permission for /run/opendkim/ is as follows
drwx------. 2 opendkim opendkim 80 Jul 13 00:05 opendkim
For Postfix to connect to the OpenDKIM milter, I've changed Group to postfix in the OpenDKIM unit file and added RuntimeDirectoryMode=0750. Here's the entire opendkim.service file.
Location: /usr/lib/systemd/system/opendkim.service
[Unit]
Description=DomainKeys Identified Mail (DKIM) Milter
Documentation=man:opendkim(8) man:opendkim.conf(5) man:opendkim-genkey(8) man:opendkim-genzone(8) man:opendkim-testadsp(8) man:opendkim-testkey http://www.opendkim.org/docs.html
After=network.target remote-fs.target nss-lookup.target syslog.target
[Service]
Type=forking
User=opendkim
Group=postfix
PIDFile=/run/opendkim/opendkim.pid
EnvironmentFile=-/etc/sysconfig/opendkim
ExecStart=/usr/sbin/opendkim $OPTIONS
ExecReload=/bin/kill -USR1 $MAINPID
RuntimeDirectory=opendkim
RuntimeDirectoryMode=0750
[Install]
WantedBy=multi-user.target
The issue I'm facing is that the User, Group, RuntimeDirectoryMode values are only applied when I restart the OpenDKIM service manually. OpenDKIM is enabled to run on system boot via systemctl enable opendkim.
But after rebooting the VPS, the directory permissions are the same.
drwx------. 2 opendkim opendkim 80 Jul 13 00:05 opendkim
I've to run systemctl restart opendkim for the permissions to change to
drwxr-x---. 2 opendkim postfix 80 Jul 13 00:05 opendkim
Any idea why this happens? Anything I'm missing here?
fedora systemd opendkim
asked Jul 12 at 18:50
Ronak
1256
add a comment |Â
up vote
1
down vote
favorite
I'm using Fedora 28 x64 on a VPS. I've setup postfix as send-only mail server with OpenDKIM for signing outgoing emails.
Postfix connects to OpenDKIM via unix socket setup on /run/opendkim/opendkim.sock
Permission for /run/opendkim/ is as follows
drwx------. 2 opendkim opendkim 80 Jul 13 00:05 opendkim
For Postfix to connect to the OpenDKIM milter, I've changed Group to postfix in the OpenDKIM unit file and added RuntimeDirectoryMode=0750. Here's the entire opendkim.service file.
Location: /usr/lib/systemd/system/opendkim.service
[Unit]
Description=DomainKeys Identified Mail (DKIM) Milter
Documentation=man:opendkim(8) man:opendkim.conf(5) man:opendkim-genkey(8) man:opendkim-genzone(8) man:opendkim-testadsp(8) man:opendkim-testkey http://www.opendkim.org/docs.html
After=network.target remote-fs.target nss-lookup.target syslog.target
[Service]
Type=forking
User=opendkim
Group=postfix
PIDFile=/run/opendkim/opendkim.pid
EnvironmentFile=-/etc/sysconfig/opendkim
ExecStart=/usr/sbin/opendkim $OPTIONS
ExecReload=/bin/kill -USR1 $MAINPID
RuntimeDirectory=opendkim
RuntimeDirectoryMode=0750
[Install]
WantedBy=multi-user.target
The issue I'm facing is that the User, Group, RuntimeDirectoryMode values are only applied when I restart the OpenDKIM service manually. OpenDKIM is enabled to run on system boot via systemctl enable opendkim.
But after rebooting the VPS, the directory permissions are the same.
drwx------. 2 opendkim opendkim 80 Jul 13 00:05 opendkim
I've to run systemctl restart opendkim for the permissions to change to
drwxr-x---. 2 opendkim postfix 80 Jul 13 00:05 opendkim
Any idea why this happens? Anything I'm missing here?
fedora systemd opendkim
asked Jul 12 at 18:50
Ronak
1256
add a comment |Â
up vote
1
down vote
favorite
up vote
1
down vote
favorite
I'm using Fedora 28 x64 on a VPS. I've setup postfix as send-only mail server with OpenDKIM for signing outgoing emails.
Postfix connects to OpenDKIM via unix socket setup on /run/opendkim/opendkim.sock
Permission for /run/opendkim/ is as follows
drwx------. 2 opendkim opendkim 80 Jul 13 00:05 opendkim
For Postfix to connect to the OpenDKIM milter, I've changed Group to postfix in the OpenDKIM unit file and added RuntimeDirectoryMode=0750. Here's the entire opendkim.service file.
Location: /usr/lib/systemd/system/opendkim.service
[Unit]
Description=DomainKeys Identified Mail (DKIM) Milter
Documentation=man:opendkim(8) man:opendkim.conf(5) man:opendkim-genkey(8) man:opendkim-genzone(8) man:opendkim-testadsp(8) man:opendkim-testkey http://www.opendkim.org/docs.html
After=network.target remote-fs.target nss-lookup.target syslog.target
[Service]
Type=forking
User=opendkim
Group=postfix
PIDFile=/run/opendkim/opendkim.pid
EnvironmentFile=-/etc/sysconfig/opendkim
ExecStart=/usr/sbin/opendkim $OPTIONS
ExecReload=/bin/kill -USR1 $MAINPID
RuntimeDirectory=opendkim
RuntimeDirectoryMode=0750
[Install]
WantedBy=multi-user.target
The issue I'm facing is that the User, Group, RuntimeDirectoryMode values are only applied when I restart the OpenDKIM service manually. OpenDKIM is enabled to run on system boot via systemctl enable opendkim.
But after rebooting the VPS, the directory permissions are the same.
drwx------. 2 opendkim opendkim 80 Jul 13 00:05 opendkim
I've to run systemctl restart opendkim for the permissions to change to
drwxr-x---. 2 opendkim postfix 80 Jul 13 00:05 opendkim
Any idea why this happens? Anything I'm missing here?
fedora systemd opendkim
asked Jul 12 at 18:50
Ronak
1256
I'm using Fedora 28 x64 on a VPS. I've setup postfix as send-only mail server with OpenDKIM for signing outgoing emails.
Postfix connects to OpenDKIM via unix socket setup on /run/opendkim/opendkim.sock
Permission for /run/opendkim/ is as follows
drwx------. 2 opendkim opendkim 80 Jul 13 00:05 opendkim
For Postfix to connect to the OpenDKIM milter, I've changed Group to postfix in the OpenDKIM unit file and added RuntimeDirectoryMode=0750. Here's the entire opendkim.service file.
Location: /usr/lib/systemd/system/opendkim.service
[Unit]
Description=DomainKeys Identified Mail (DKIM) Milter
Documentation=man:opendkim(8) man:opendkim.conf(5) man:opendkim-genkey(8) man:opendkim-genzone(8) man:opendkim-testadsp(8) man:opendkim-testkey http://www.opendkim.org/docs.html
After=network.target remote-fs.target nss-lookup.target syslog.target
[Service]
Type=forking
User=opendkim
Group=postfix
PIDFile=/run/opendkim/opendkim.pid
EnvironmentFile=-/etc/sysconfig/opendkim
ExecStart=/usr/sbin/opendkim $OPTIONS
ExecReload=/bin/kill -USR1 $MAINPID
RuntimeDirectory=opendkim
RuntimeDirectoryMode=0750
[Install]
WantedBy=multi-user.target
The issue I'm facing is that the User, Group, RuntimeDirectoryMode values are only applied when I restart the OpenDKIM service manually. OpenDKIM is enabled to run on system boot via systemctl enable opendkim.
But after rebooting the VPS, the directory permissions are the same.
drwx------. 2 opendkim opendkim 80 Jul 13 00:05 opendkim
I've to run systemctl restart opendkim for the permissions to change to
drwxr-x---. 2 opendkim postfix 80 Jul 13 00:05 opendkim
Any idea why this happens? Anything I'm missing here?
fedora systemd opendkim
asked Jul 12 at 18:50
Ronak
1256
asked Jul 12 at 18:50
Ronak
1256
asked Jul 12 at 18:50
Ronak
1256
asked Jul 12 at 18:50
Ronak
1256
1256
add a comment |Â
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
2
down vote
accepted
The opendkim package includes a systemd-tmpfiles configuration which creates the /run/opendkim directory at startup and sets its ownership and permissions.
[root@localhost ~]# cat /etc/tmpfiles.d/opendkim.conf
D /var/run/opendkim 0700 opendkim opendkim -
So, your customizations to the systemd service unit are being overwritten at boot time.
According to the tutorial linked from the README.fedora shipped with the package, you're meant to have Postfix talk to OpenDKIM over a local TCP socket on port 8891, not via its UNIX socket. So there is no need to alter the permissions of the temporary directory. You do need to alter your Postfix main.cf though:
smtpd_milters = inet:127.0.0.1:8891
You also should return the opendkim configuration to its shipped default.
## Create a socket through which your MTA can communicate.
Socket inet:8891@localhost
answered Jul 12 at 19:48
Michael Hampton
5,15311535
Changed the OpenDKIM to listen to TCP and now everything works without any manual restarts after reboot. I've heard that unix sockets are faster than TCP so do you recommend that I edit/etc/tmpfiles.d/opendkim.confso that unix sockets work too? Is there anyway to safely overwrite files inside/etc/tmpfiles.d/, something likesystemctl edit opendkim.service?
– Ronak
Jul 13 at 11:43
@Ronak There's little difference between Unix sockets and a localhost TCP connection. In fact the latter is sometimes more performant. Anyway, the default opendkim.conf that shipped with it already listened on TCP, so you could just restore it to what it was originally, and leave everything else alone.
– Michael Hampton
Jul 13 at 16:48
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
2
down vote
accepted
The opendkim package includes a systemd-tmpfiles configuration which creates the /run/opendkim directory at startup and sets its ownership and permissions.
[root@localhost ~]# cat /etc/tmpfiles.d/opendkim.conf
D /var/run/opendkim 0700 opendkim opendkim -
So, your customizations to the systemd service unit are being overwritten at boot time.
According to the tutorial linked from the README.fedora shipped with the package, you're meant to have Postfix talk to OpenDKIM over a local TCP socket on port 8891, not via its UNIX socket. So there is no need to alter the permissions of the temporary directory. You do need to alter your Postfix main.cf though:
smtpd_milters = inet:127.0.0.1:8891
You also should return the opendkim configuration to its shipped default.
## Create a socket through which your MTA can communicate.
Socket inet:8891@localhost
answered Jul 12 at 19:48
Michael Hampton
5,15311535
Changed the OpenDKIM to listen to TCP and now everything works without any manual restarts after reboot. I've heard that unix sockets are faster than TCP so do you recommend that I edit/etc/tmpfiles.d/opendkim.confso that unix sockets work too? Is there anyway to safely overwrite files inside/etc/tmpfiles.d/, something likesystemctl edit opendkim.service?
– Ronak
Jul 13 at 11:43
@Ronak There's little difference between Unix sockets and a localhost TCP connection. In fact the latter is sometimes more performant. Anyway, the default opendkim.conf that shipped with it already listened on TCP, so you could just restore it to what it was originally, and leave everything else alone.
– Michael Hampton
Jul 13 at 16:48
add a comment |Â
up vote
2
down vote
accepted
The opendkim package includes a systemd-tmpfiles configuration which creates the /run/opendkim directory at startup and sets its ownership and permissions.
[root@localhost ~]# cat /etc/tmpfiles.d/opendkim.conf
D /var/run/opendkim 0700 opendkim opendkim -
So, your customizations to the systemd service unit are being overwritten at boot time.
According to the tutorial linked from the README.fedora shipped with the package, you're meant to have Postfix talk to OpenDKIM over a local TCP socket on port 8891, not via its UNIX socket. So there is no need to alter the permissions of the temporary directory. You do need to alter your Postfix main.cf though:
smtpd_milters = inet:127.0.0.1:8891
You also should return the opendkim configuration to its shipped default.
## Create a socket through which your MTA can communicate.
Socket inet:8891@localhost
answered Jul 12 at 19:48
Michael Hampton
5,15311535
Changed the OpenDKIM to listen to TCP and now everything works without any manual restarts after reboot. I've heard that unix sockets are faster than TCP so do you recommend that I edit/etc/tmpfiles.d/opendkim.confso that unix sockets work too? Is there anyway to safely overwrite files inside/etc/tmpfiles.d/, something likesystemctl edit opendkim.service?
– Ronak
Jul 13 at 11:43
@Ronak There's little difference between Unix sockets and a localhost TCP connection. In fact the latter is sometimes more performant. Anyway, the default opendkim.conf that shipped with it already listened on TCP, so you could just restore it to what it was originally, and leave everything else alone.
– Michael Hampton
Jul 13 at 16:48
add a comment |Â
up vote
2
down vote
accepted
up vote
2
down vote
accepted
The opendkim package includes a systemd-tmpfiles configuration which creates the /run/opendkim directory at startup and sets its ownership and permissions.
[root@localhost ~]# cat /etc/tmpfiles.d/opendkim.conf
D /var/run/opendkim 0700 opendkim opendkim -
So, your customizations to the systemd service unit are being overwritten at boot time.
According to the tutorial linked from the README.fedora shipped with the package, you're meant to have Postfix talk to OpenDKIM over a local TCP socket on port 8891, not via its UNIX socket. So there is no need to alter the permissions of the temporary directory. You do need to alter your Postfix main.cf though:
smtpd_milters = inet:127.0.0.1:8891
You also should return the opendkim configuration to its shipped default.
## Create a socket through which your MTA can communicate.
Socket inet:8891@localhost
answered Jul 12 at 19:48
Michael Hampton
5,15311535
The opendkim package includes a systemd-tmpfiles configuration which creates the /run/opendkim directory at startup and sets its ownership and permissions.
[root@localhost ~]# cat /etc/tmpfiles.d/opendkim.conf
D /var/run/opendkim 0700 opendkim opendkim -
So, your customizations to the systemd service unit are being overwritten at boot time.
According to the tutorial linked from the README.fedora shipped with the package, you're meant to have Postfix talk to OpenDKIM over a local TCP socket on port 8891, not via its UNIX socket. So there is no need to alter the permissions of the temporary directory. You do need to alter your Postfix main.cf though:
smtpd_milters = inet:127.0.0.1:8891
You also should return the opendkim configuration to its shipped default.
## Create a socket through which your MTA can communicate.
Socket inet:8891@localhost
answered Jul 12 at 19:48
Michael Hampton
5,15311535
edited Jul 21 at 21:24
answered Jul 12 at 19:48
Michael Hampton
5,15311535
answered Jul 12 at 19:48
Michael Hampton
5,15311535
answered Jul 12 at 19:48
Michael Hampton
5,15311535
5,15311535
Changed the OpenDKIM to listen to TCP and now everything works without any manual restarts after reboot. I've heard that unix sockets are faster than TCP so do you recommend that I edit/etc/tmpfiles.d/opendkim.confso that unix sockets work too? Is there anyway to safely overwrite files inside/etc/tmpfiles.d/, something likesystemctl edit opendkim.service?
– Ronak
Jul 13 at 11:43
@Ronak There's little difference between Unix sockets and a localhost TCP connection. In fact the latter is sometimes more performant. Anyway, the default opendkim.conf that shipped with it already listened on TCP, so you could just restore it to what it was originally, and leave everything else alone.
– Michael Hampton
Jul 13 at 16:48
add a comment |Â
Changed the OpenDKIM to listen to TCP and now everything works without any manual restarts after reboot. I've heard that unix sockets are faster than TCP so do you recommend that I edit/etc/tmpfiles.d/opendkim.confso that unix sockets work too? Is there anyway to safely overwrite files inside/etc/tmpfiles.d/, something likesystemctl edit opendkim.service?
– Ronak
Jul 13 at 11:43
@Ronak There's little difference between Unix sockets and a localhost TCP connection. In fact the latter is sometimes more performant. Anyway, the default opendkim.conf that shipped with it already listened on TCP, so you could just restore it to what it was originally, and leave everything else alone.
– Michael Hampton
Jul 13 at 16:48
Changed the OpenDKIM to listen to TCP and now everything works without any manual restarts after reboot. I've heard that unix sockets are faster than TCP so do you recommend that I edit
/etc/tmpfiles.d/opendkim.conf so that unix sockets work too? Is there anyway to safely overwrite files inside /etc/tmpfiles.d/, something like systemctl edit opendkim.service?– Ronak
Jul 13 at 11:43
Changed the OpenDKIM to listen to TCP and now everything works without any manual restarts after reboot. I've heard that unix sockets are faster than TCP so do you recommend that I edit
/etc/tmpfiles.d/opendkim.conf so that unix sockets work too? Is there anyway to safely overwrite files inside /etc/tmpfiles.d/, something like systemctl edit opendkim.service?– Ronak
Jul 13 at 11:43
@Ronak There's little difference between Unix sockets and a localhost TCP connection. In fact the latter is sometimes more performant. Anyway, the default opendkim.conf that shipped with it already listened on TCP, so you could just restore it to what it was originally, and leave everything else alone.
– Michael Hampton
Jul 13 at 16:48
@Ronak There's little difference between Unix sockets and a localhost TCP connection. In fact the latter is sometimes more performant. Anyway, the default opendkim.conf that shipped with it already listened on TCP, so you could just restore it to what it was originally, and leave everything else alone.
– Michael Hampton
Jul 13 at 16:48
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f454960%2fsystemd-unit-only-applies-user-group-runtimedirectorymode-settings-on-service%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
