You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@spamassassin.apache.org on 2021/08/31 16:29:08 UTC
[Bug 7924] New: sa-update cron job fail due to lacks of permissions
on create dir
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7924
Bug ID: 7924
Summary: sa-update cron job fail due to lacks of permissions on
create dir
Product: Spamassassin
Version: 3.4.6
Hardware: PC
OS: Linux
Status: NEW
Severity: blocker
Priority: P2
Component: sa-update
Assignee: dev@spamassassin.apache.org
Reporter: jfbachelet@free.fr
CC: jfbachelet@free.fr
Target Milestone: Undefined
Hello ^^)
Got this report from cron.daily today :
/etc/cron.daily/spamassassin:
mkdir /var/lib/spamassassin/3.004006: Permission denied at /usr/bin/sa-update
line 488.
sa-update failed for unknown reasons.
it appears that the cron job is run as 'spamd' (my case) (or 'debian-spamd')
user and that one have no permissions to write in '/var/lib/spamassassin'
(nornal as this dir has been created by root at the spamassassin installation
time).
it's only a permissions problem, so after researchs on the web I can see that
this problem exists for since some times now, so why it is still present in the
latest version availlable ?
I can manually change the permissions by issuing that command :
'chown -R spamd:spamd /var/lib/spamassassin'
but that is just a work-around.
It is needed that this be done at spamassassin install time automatically after
the spamd user creation and/or that sa-update would be able to verify the
rights on this directory and be able to modify it when run by the cron job to
prevent that error.
can you tell me how 'sa-update' script must be modified to do this ?
Thanks,
Jeff
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7924] sa-update cron job fail due to lacks of permissions on
create dir
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7924
--- Comment #2 from Jean-Francois Bachelet <jf...@free.fr> ---
Hello Bill ^^)
at least there is an option to run a cron job for sa-update in the spamassassin
conf file, I have enabled it at install time.
so I have to set the proper permissions for my user 'spamd' on the
'/var/lib/spamassassin' by hand if I want to use the cron job to run sa-update
?
Ok I'll do it. just hope nothing will touch it after that ^^)
Thanks for the speedy answer.
Jeff
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7924] sa-update cron job fail due to lacks of permissions on
create dir
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7924
Bill Cole <bi...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |billcole@apache.org
Status|NEW |RESOLVED
Resolution|--- |INVALID
--- Comment #1 from Bill Cole <bi...@apache.org> ---
This is a problem with how SA and the cron job running sa-update were
installed. This is handled by the packager for a specific distribution (e.g.
RedHat, Debian, etc. ) or by the user themselves if installed from source.
SpamAssassin itself does not install any sa-update cron job, but rather
documents the available choices for packagers and users in the README, INSTALL,
and PACKAGING files.
The most common solution chosen by packagers is to install SA as root and run
the sa-update script as root. You could also install it as another user (e.g.
spamd) so that directories created based on Makefile.PL arguments (e.g.
LOCALSTATEDIR, which is usually /var/lib/spamassassin) are owned by that user
and then you can run any maintenance scripts like sa-update as that user.
Because the core SA distribution is designed to work on any system that can run
Perl, for installations by privileged or unprivileged users, the distribution
build system does not set ownership and permissions of the update directory or
of the other configurable directories to a user that may not exist on a
specific system.
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 7924] sa-update cron job fail due to lacks of permissions on
create dir
Posted by bu...@spamassassin.apache.org.
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7924
--- Comment #3 from Bill Cole <bi...@apache.org> ---
(In reply to Jean-Francois Bachelet from comment #2)
> Hello Bill ^^)
>
> at least there is an option to run a cron job for sa-update in the
> spamassassin conf file, I have enabled it at install time.
That must be a packager addition. If you mean the script in the debian
subdirectory, as it says in the docs there, it is supposed to be run as root.
That subdirectory is something of a historical artifact, as no one from Debian
has seen fit to submit any changes for it in many years.
> so I have to set the proper permissions for my user 'spamd' on the
> '/var/lib/spamassassin' by hand if I want to use the cron job to run
> sa-update ?
That is one option. The more common approach is to run the sa-update cron job
as root. For extra safety, you could also run sa-update from an unprivileged
cron job into some other directory (using an --updatedir=/path/ option) and
validate the update before installing it into /var/lib/spamassassin.
--
You are receiving this mail because:
You are the assignee for the bug.