mail/spamassassin config option AS_ROOT is confusing

[RW]

On Tue, 20 Dec 2016 11:53:43 -0700
Mike Brown wrote:

> The AS_ROOT option in the mail/spamassassin port is really confusing
> to me. Given that its description is "Run spamd as root
> (recommended)", what actually happens is somewhat bonkers:
> 
> The main spamd process always runs as root. If AS_ROOT is enabled,
> then the child processes who do all the work will not run as root,
> but rather as unprivileged user spamd. If AS_ROOT is disabled, then
> the children *will* run as root, but as needed they will setuid to
> the user calling spamc. 
> Which setting you want depends on where user prefs and Bayes data is
> stored. If it's in user-owned ~/.spamassassin directories, then you
> want AS_ROOT disabled or you'll get a plethora of error messages and
> lock file warnings relating to permissions, since user spamd can't
> write where it needs to.

That shouldn't happen as the default (without virtual users) is to
use /var/spool/spamd, the spamd user's home directory.

> It took me a while to figure this out on a fresh installation. I
> enabled the option, thinking "yes, of course I want it to run as
> root, so that it can write to the users' home directories"... then I
> was confused when it ended up not running as root but rather as user
> spamd, and the behavior I wanted was only possible if I configured
> the port to *not* run spamd as root.
> 
> I guess I am just griping, but I would like to think there is a
> better way to describe and name the configuration option. Maybe
> AS_SPAMD_USER with description "Run spamd as unprivileged user
> (recommended)"? 

I never noticed this because (probably like a lot of people) the first
thing I did was set my own spamd_flags in rc.conf and that overrides
the effect of AS_ROOT. 

I do agree it's confusing. I've CC'ed the maintainer.