On Sat, 2007-11-17 at 13:54 +0000, Stuart Henderson wrote: > The attached version: > > - changes mkdir/chmod for an install in MESSAGE > - adds notes about permissions on /dev/pf > - calls setgid(), so /dev/pf only needs 640 not 644 > (the code already assumes that username == groupname so > I didn't add a new config parameter)
Hmm, I think there is a problem with /dev/pf permission changes you make. Since there may be other proxies which can use /dev/pf (like smtp-gated) and they have their own uid/gid's, we should not change /dev/pf's group to _p3scan. Thus the only option seems like having 644 on /dev/pf and no group change, or perhaps a common group for all proxies (the later seems unlikely). These render MESSAGE changes misleading too. (I have chosen 644 option.)
