ports/78700: sa-spamd script does not play well with spamd "-u" flag

Jeremy Chadwick freebsd at jdc.parodius.com
Fri Mar 11 14:30:05 UTC 2005 

>Number:         78700
>Category:       ports
>Synopsis:       sa-spamd script does not play well with spamd "-u" flag
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Mar 11 14:30:03 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Jeremy Chadwick
>Release:        FreeBSD 4.11-STABLE i386
>Organization:
Parodius Networking
>Environment:
System: FreeBSD pentarou.parodius.com 4.11-STABLE FreeBSD 4.11-STABLE #0: Sat Feb 5 08:39:49 PST 2005 root at pentarou.parodius.com:/usr/obj/usr/src/sys/PENTAROU i386
>Description:
The sa-spamd.sh rc(8) script is not friendly with situations where
spamd needs to run as a non-root user.  If you start spamd in such environments,
you'll receive a warning that spamd is switching credentials to a non-root user
(default nobody).  Example:

Mar 11 06:15:01 medusa spamd[56571]: connection from localhost [127.0.0.1] at port 55031
Mar 11 06:15:01 medusa spamd[56571]: info: setuid to root succeeded
Mar 11 06:15:01 medusa spamd[56571]: Still running as root: user not specified with -u, not found, or set to root.  Fall back to nobody.
Mar 11 06:15:01 medusa spamd[56571]: processing message <200503111415.j2BEF1Ah056662 at medusa.parodius.com> for root:65534.

As the warning in the log is generated __once per Email__, heavily loaded
machines generate excessive syslog traffic.

This can be avoided by setting spamd_flags to contain "-u nobody".  This
works great, except that it induces a new problem relating to the
ownership of the PID file:

Mar 11 06:00:30 medusa spamd[55988]: Can't write to PID file: Permission denied

If things were simple, an admin could just do the following:

	touch /var/run/spamd.pid
	chown nobody:nobody /var/run/spamd.pid

...except that the sa-spamd.sh rc(8) script deliberately removes the pidfile
when shutting down spamd.

I have no idea how spamd handles signals, so one should test that to see
how the pidfile is maintained in such situations (i.e. SIGTERM, SIGUSR1, etc.).

>How-To-Repeat:
1.  Shut down spamd
2.  Set spamd_flags in rc.conf to contain "-u nobody"
3.  Start spamd
4.  Send someone mail to an account which gets processed by spamd
5.  Look at /var/log/maillog; you will find a message along these lines:

>Fix:
There's a couple solutions available.  Pick and choose whichever:

1.  Don't remove the pidfile, period.  I can't recommend this since I
know of situations where spamd will not remove the pidfile when dying,
etc. etc...  So I believe the rm -f on the pidfile to be a good thing.

2.  Grep through the spamd_flags rc.conf variable to see if -u is
specified; if it is, touch and chown spamd_pidfile before the
actual spamd process starts.  This is excessive, in lieu of option 3...

3.  Create a new "spamd_user" rc flag, and add appropriate framework
for supporting this inside of sa-spamd.sh.  This would be the best
solution.

>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list