mail/spamassassin config option AS_ROOT is confusing
mike at skew.org
Tue Dec 20 18:59:23 UTC 2016
The AS_ROOT option in the mail/spamassassin port is really confusing to me.
Given that its description is "Run spamd as root (recommended)", what actually
happens is somewhat bonkers:
The main spamd process always runs as root. If AS_ROOT is enabled, then the
child processes who do all the work will not run as root, but rather as
unprivileged user spamd. If AS_ROOT is disabled, then the children *will* run
as root, but as needed they will setuid to the user calling spamc.
Which setting you want depends on where user prefs and Bayes data is stored.
If it's in user-owned ~/.spamassassin directories, then you want AS_ROOT
disabled or you'll get a plethora of error messages and lock file warnings
relating to permissions, since user spamd can't write where it needs to.
It took me a while to figure this out on a fresh installation. I enabled the
option, thinking "yes, of course I want it to run as root, so that it can
write to the users' home directories"... then I was confused when it ended up
not running as root but rather as user spamd, and the behavior I wanted was
only possible if I configured the port to *not* run spamd as root.
I guess I am just griping, but I would like to think there is a better way to
describe and name the configuration option. Maybe AS_SPAMD_USER with
description "Run spamd as unprivileged user (recommended)"? Not sure this
really would've helped me know which option to choose, but it would've spared
me from part of the wild goose chase I've been on all day.
Thanks for listening.
More information about the freebsd-ports