mail/spamassassin config option AS_ROOT is confusing
Mike Brown
mike at skew.org
Thu Dec 22 15:02:41 UTC 2016
On Tue, Dec 20, 2016 at 05:16:32PM -0700, Adam Weinberger wrote:
> > On 20 Dec, 2016, at 16:51, RW <rwmaillists at googlemail.com> wrote:
> >
> > On Tue, 20 Dec 2016 11:53:43 -0700
> > Mike Brown wrote:
> >
> >> The AS_ROOT option in the mail/spamassassin port is really confusing
> >> to me. Given that its description is "Run spamd as root
> >> (recommended)", what actually happens is somewhat bonkers:
> >>
> >> The main spamd process always runs as root. If AS_ROOT is enabled,
> >> then the child processes who do all the work will not run as root,
> >> but rather as unprivileged user spamd. If AS_ROOT is disabled, then
> >> the children *will* run as root, but as needed they will setuid to
> >> the user calling spamc.
> >> Which setting you want depends on where user prefs and Bayes data is
> >> stored. If it's in user-owned ~/.spamassassin directories, then you
> >> want AS_ROOT disabled or you'll get a plethora of error messages and
> >> lock file warnings relating to permissions, since user spamd can't
> >> write where it needs to.
> >
> > That shouldn't happen as the default (without virtual users) is to
> > use /var/spool/spamd, the spamd user's home directory.
I think we need to get to the bottom of this before I propose an extended help
message for the FreeBSD port's config options. I don't want to misrepresent
the expected behavior of using -u.
The only thing I see in my SA config which could be causing the non-default
behavior is in local.cf I have "allow_user_rules 1". Is that incompatible with
-u?
More information about the freebsd-ports
mailing list