From: Mike Brown
Date: Tue, 20 Dec 2016 11:53:43 -0700
To: freebsd-ports@freebsd.org
Cc: adamw@freebsd.org
Subject: mail/spamassassin config option AS_ROOT is confusing
Message-ID: <20161220185343.GA12168@chilled.skew.org>

The AS_ROOT option in the mail/spamassassin port is really confusing to me.

Given that its description is "Run spamd as root (recommended)", what actually happens is somewhat bonkers:

The main spamd process always runs as root.

If AS_ROOT is enabled, then the child processes that do all the work will not run as root, but rather as unprivileged user spamd.

If AS_ROOT is disabled, then the children *will* run as root, but as needed they will setuid to the user calling spamc.

Which setting you want depends on where user prefs and Bayes data are stored. If it's in user-owned ~/.spamassassin directories, then you want AS_ROOT disabled or you'll get a plethora of error messages and lock file warnings relating to permissions, since user spamd can't write where it needs to.

It took me a while to figure this out on a fresh installation. I enabled the option, thinking "yes, of course I want it to run as root, so that it can write to the users' home directories"... then I was confused when it ended up not running as root but rather as user spamd, and the behavior I wanted was only possible if I configured the port to *not* run spamd as root.

I guess I am just griping, but I would like to think there is a better way to describe and name the configuration option. Maybe AS_SPAMD_USER with description "Run spamd as unprivileged user (recommended)"? Not sure this really would've helped me know which option to choose, but it would've spared me from part of the wild goose chase I've been on all day.

Thanks for listening.
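An added example, not part of the original message or the port: a shell check that reads `ps -axo user,pid,ppid,command` output and reports which of the two child-privilege behaviours described above is in effect. The function name, the output labels and the sample process listings are constructed for illustration; it assumes worker children are the processes whose parent is also a spamd process.

```shell
#!/bin/sh
# Classify spamd's child privilege model from ps output on stdin.
# $1: name of the unprivileged account (default "spamd", as in the post).
spamd_child_mode() {
    unpriv="${1:-spamd}"
    awk -v unpriv="$unpriv" '
        $2 !~ /^[0-9]+$/ { next }              # skip the ps header line
        {
            user[$2] = $1; parent[$2] = $3
            cmd = ""
            for (i = 4; i <= NF; i++) cmd = cmd " " $i
            spamd[$2] = (cmd ~ /spamd/) ? 1 : 0
        }
        END {
            n = 0; dropped = 0
            for (pid in user) {
                pp = parent[pid]
                # a worker is a spamd process whose parent is also spamd
                if (!spamd[pid] || !(pp in user) || !spamd[pp]) continue
                n++
                if (user[pid] == unpriv) dropped++
            }
            if (n == 0)            print "no-children"
            else if (dropped == n) print "children-unprivileged"
            else                   print "children-root-or-per-user"
        }
    '
}

# Constructed listings (not captured from a real host).
sample_enabled() {   # AS_ROOT enabled: workers run as user spamd
    printf '%s\n' 'USER PID PPID COMMAND' \
        'root 901 1 /usr/local/bin/spamd' \
        'spamd 905 901 spamd child' 'spamd 906 901 spamd child' \
        'mike 1200 1100 -sh'
}
sample_disabled() {  # AS_ROOT disabled: workers are root or a calling user
    printf '%s\n' 'USER PID PPID COMMAND' \
        'root 901 1 /usr/local/bin/spamd' \
        'root 905 901 spamd child' 'mike 906 901 spamd child'
}

echo "enabled sample:  $(sample_enabled | spamd_child_mode)"
echo "disabled sample: $(sample_disabled | spamd_child_mode)"
```

On a live host, pipe `ps -axo user,pid,ppid,command` into `spamd_child_mode`; a result of `children-unprivileged` combined with per-user `~/.spamassassin` storage is the combination the post says produces the permission and lock file errors.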