Bug 143189 - spamassassin run as root and doesn't have accessible config directory
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: spamassassin
Version: 3
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Chip Turner
Reported: 2004-12-17 03:48 EST by Milan Kerslager
Modified: 2007-11-30 17:10 EST
Doc Type: Bug Fix
Last Closed: 2004-12-19 18:10:55 EST


Description Milan Kerslager 2004-12-17 03:48:31 EST
Please create a special user account for running spamd with its home
directory in /var/lib/spamassassin. Create an option in
/etc/sysconfig/spamassassin (for example SPAMDRUNAS=spamd) and modify
/etc/init.d/spamassassin (parameter -u user for spamd).

This is more secure than running SpamAssassin as root, even though spamd
falls back to nobody after being started as root.

The second reason is to have the spamd database in a directory other than
root's own, because when spamd falls back to nobody it is impossible to
read the contents of /root/.spamassassin (the Bayes database, for example).
Comment 1 Chip Turner 2004-12-19 18:10:55 EST
spamd will already setuid to drop privileges based on the email for
whom it is being invoked.  in other words, when user joe runs spamc,
spamd will setuid to become joe so it can access joe's own bayes
scores, configs, etc.

so although spamd is started as root, it doesn't do the majority of
its operations as root, and it being root lets it have added
functionality that otherwise would be missing.
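
One way to implement the init-script change requested in the description, as an added example that is not part of the bug report or the Fedora package: it reads the proposed `SPAMDRUNAS` setting, refuses an account that is missing, has uid 0 or is homed under /root, and only then appends `-u`. The function name `spamd_options` and its second argument (a passwd-format file, so the check can be exercised without touching real accounts) are assumptions.

```shell
#!/bin/sh
# Added example: init-script helper for the SPAMDRUNAS option proposed above.
# SPAMDRUNAS is the name suggested in this report, not a shipped setting.

# Print the spamd option string built from a sysconfig file.
# $1 = sysconfig file, $2 = passwd-format file (defaults shown below).
# Returns non-zero and prints nothing on stdout if the account is unsafe.
spamd_options() {
    conf=${1:-/etc/sysconfig/spamassassin}
    passwd=${2:-/etc/passwd}
    SPAMDOPTIONS=""
    SPAMDRUNAS=""
    [ -r "$conf" ] && . "$conf"

    # Option unset: keep the stock behaviour (start as root, per-user setuid).
    if [ -z "$SPAMDRUNAS" ]; then
        echo "$SPAMDOPTIONS"
        return 0
    fi

    # Look the account up; fields are name:pw:uid:gid:gecos:home:shell.
    entry=$(awk -F: -v u="$SPAMDRUNAS" '$1 == u { print $3 ":" $6; exit }' "$passwd")
    if [ -z "$entry" ]; then
        echo "spamd: no such user: $SPAMDRUNAS" >&2
        return 1
    fi
    uid=${entry%%:*}
    home=${entry#*:}

    # A uid-0 alias would defeat the point of the option.
    if [ "$uid" -eq 0 ]; then
        echo "spamd: refusing to run as uid 0 ($SPAMDRUNAS)" >&2
        return 1
    fi
    # The account needs its own state directory (Bayes database), not root's.
    case $home in
        ""|/root|/root/*)
            echo "spamd: unusable home for $SPAMDRUNAS: '$home'" >&2
            return 1 ;;
    esac

    echo "$SPAMDOPTIONS -u $SPAMDRUNAS"
}
```

In an init script the result would be passed to the daemon start line, for example `daemon spamd $(spamd_options)`.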
