Date: Thu, 22 Dec 2016 08:02:30 -0700 From: Mike Brown <mike@skew.org> To: Adam Weinberger <adamw@adamw.org> Cc: RW <rwmaillists@googlemail.com>, ports@freebsd.org, adamw@FreeBSD.org Subject: Re: mail/spamassassin config option AS_ROOT is confusing Message-ID: <20161222150230.GA26461@chilled.skew.org> In-Reply-To: <29D71958-222C-4898-9B47-D71DDF72C9FC@adamw.org> References: <20161220185343.GA12168@chilled.skew.org> <20161220235116.297d870f@gumby.homeunix.com> <29D71958-222C-4898-9B47-D71DDF72C9FC@adamw.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Dec 20, 2016 at 05:16:32PM -0700, Adam Weinberger wrote: > > On 20 Dec, 2016, at 16:51, RW <rwmaillists@googlemail.com> wrote: > > > > On Tue, 20 Dec 2016 11:53:43 -0700 > > Mike Brown wrote: > > > >> The AS_ROOT option in the mail/spamassassin port is really confusing > >> to me. Given that its description is "Run spamd as root > >> (recommended)", what actually happens is somewhat bonkers: > >> > >> The main spamd process always runs as root. If AS_ROOT is enabled, > >> then the child processes who do all the work will not run as root, > >> but rather as unprivileged user spamd. If AS_ROOT is disabled, then > >> the children *will* run as root, but as needed they will setuid to > >> the user calling spamc. > >> Which setting you want depends on where user prefs and Bayes data is > >> stored. If it's in user-owned ~/.spamassassin directories, then you > >> want AS_ROOT disabled or you'll get a plethora of error messages and > >> lock file warnings relating to permissions, since user spamd can't > >> write where it needs to. > > > > That shouldn't happen as the default (without virtual users) is to > > use /var/spool/spamd, the spamd user's home directory. I think we need to get to the bottom of this before I propose an extended help message for the FreeBSD port's config options. I don't want to misrepresent the expected behavior of using -u. The only thing I see in my SA config which could be causing the non-default behavior is in local.cf I have "allow_user_rules 1". Is that incompatible with -u?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20161222150230.GA26461>