Permissions/ownership on /etc/opendkim folder and key/ subfolder

[jeanmonet]

Hi again,

After running the role (on Ubuntu 20.04 LTS with some specific security configuration), I get:

Jan  1 22:44:43 s89499 opendkim[179674]: can't load key from /etc/opendkim/keys/mail.private: Permission denied

The problem is that dkim_group (opendkim) doesn't have read permissions on all the directories in path.

https://github.com/FoxyRoles/ansible-dkim/blob/108f8c6f460aac488d37a03c0f909e6dec8c46ea/tasks/opendkim.yml#L19-L22

It might be a good idea if the role ensures:

• Read permission on dkim_opendkim_config_dir (ie /etc/opendkim) for dkim_group (ie opendkim): either set o+r or, maybe better, set group ownership for this folder to dkim_group (ie opendkim) ensuring that dir has g+r but g-w (group should not have write permissions).
• Same for the keys/ subdir.

Locally I used:

    - file:
        path: "{{ item }}"
        group: "{{ dkim_group }}"
        mode: g-w,g+r
      with_items:
        - "{{ dkim_opendkim_config_dir }}"
        - "{{ dkim_opendkim_config_dir }}/keys"

[foxycode]

@ulvida Can you look at this please? I don't use keys in subdirs as you are.