Bug 143189 - spamassassin run as root and doesn't have accessible config directory
Product: Fedora
Classification: Fedora
Component: spamassassin
Version: 3
Hardware: All Linux
Assignee: Chip Turner
Reported: 2004-12-17 08:48 UTC by Milan Kerslager
Modified: 2007-11-30 22:10 UTC

Last Closed: 2004-12-19 23:10:55 UTC

Description Milan Kerslager 2004-12-17 08:48:31 UTC
Please create a special user account for running spamd with its home
directory in /var/lib/spamassassin. Create an option in
/etc/sysconfig/spamassassin (for example SPAMDRUNAS=spamd) and modify
/etc/init.d/spamassassin (parameter -u user for spamd).

This is more secure than running Spamassassin as root, even if spamd falls
back to nobody after being started as root.

The second reason is to have the spamd database in a directory other than
root's own, because when spamd falls back to nobody it is impossible to
read the contents of /root/.spamassassin (the Bayes database, for example).
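
An added sketch, not part of the original report or of Fedora's init script, of how /etc/init.d/spamassassin could turn the proposed SPAMDRUNAS setting into spamd's -u option while refusing uid 0 accounts and homes under /root. The function names, the base options `-d -c -m5` and the sample passwd entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Hypothetical helpers for the SPAMDRUNAS option proposed in the report.

# Constructed sample accounts in passwd format (not from a real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:uid-0 alias:/var/lib/spamassassin:/bin/bash
oldspamd:x:496:496::/root/.spamassassin:/sbin/nologin
spamd:x:495:495:spamd:/var/lib/spamassassin:/sbin/nologin
EOF
}

# Print "<uid> <home>" for account $1 from passwd file $2; fail if absent.
lookup_account() {
    awk -F: -v u="$1" '$1 == u { print $3 " " $6; found = 1; exit }
                       END { exit !found }' "${2:-/etc/passwd}"
}

# Print the spamd option string, or fail with a reason on stderr.
# $1 = base options, $2 = SPAMDRUNAS value (may be empty), $3 = passwd file
spamd_args() {
    base=$1 user=$2 passwd=${3:-/etc/passwd}
    # Unset: keep the behaviour from comment 1 (start as root, setuid per user).
    if [ -z "$user" ]; then
        printf '%s\n' "$base"
        return 0
    fi
    account=$(lookup_account "$user" "$passwd") || {
        echo "SPAMDRUNAS: no such account: $user" >&2; return 1; }
    uid=${account%% *}
    home=${account#* }
    # A uid 0 account under another name would still run spamd as root.
    if [ "$uid" -eq 0 ]; then
        echo "SPAMDRUNAS: $user has uid 0" >&2; return 1
    fi
    # A home inside /root repeats the unreadable ~/.spamassassin problem.
    case $home in
        /root|/root/*) echo "SPAMDRUNAS: home $home is inside /root" >&2
                       return 1 ;;
    esac
    printf '%s -u %s\n' "$base" "$user"
}

# Demo against the constructed accounts; prints "-d -c -m5 -u spamd".
demo_passwd=$(mktemp) && sample_passwd > "$demo_passwd"
spamd_args "-d -c -m5" "spamd" "$demo_passwd"
rm -f "$demo_passwd"
```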

Comment 1 Chip Turner 2004-12-19 23:10:55 UTC
spamd will already setuid to drop privileges based on the email for
whom it is being invoked.  In other words, when user joe runs spamc,
spamd will setuid to become joe so it can access joe's own bayes
scores, configs, etc.

So although spamd is started as root, it doesn't do the majority of
its operations as root, and it being root lets it have added
functionality that otherwise would be missing.
