You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Kate Kleinschafer <ka...@rheel.co.nz> on 2008/10/15 02:32:15 UTC

permissions on /root/.spamassassin folder

Hi all,

Just wondering what the permissions should be on the /root/.spamassassin 
folder.

When I run a message by the command
sudo -u postfix spamassassin -p 
/etc/MailScanner/spam.assassin.prefs.conf -t < message.MAI

I am getting the error warn: config: path /root/.spamassassin is 
inaccessible permission denied.
owned by root:root
permissions drwx

Thanks
Kate

Re: permissions on /root/.spamassassin folder

Posted by mouss <mo...@netoyen.net>.

Matt Kettler a écrit :
> Kate Kleinschafer wrote:
>> Hi all,
>>
>> Just wondering what the permissions should be on the
>> /root/.spamassassin folder.
>>
>> When I run a message by the command
>> sudo -u postfix spamassassin -p
>> /etc/MailScanner/spam.assassin.prefs.conf -t < message.MAI
>>
>> I am getting the error warn: config: path /root/.spamassassin is
>> inaccessible permission denied.
>> owned by root:root
>> permissions drwx
>>
> That sounds like the postfix user doesn't have a home directory it can
> read/write, and it was pointed at /root to prevent it from having
> access. This is probably intentional in the security design of postfix,
> so it might be unwise to change it.
> 

hmm. postfix has a home dir, /var/spool/postfix (which is not writable
by postfix). so I bet /root/.spamassassin came from somewhere else (
spam.assassin.prefs.conf?).

> I would strongly consider running SA as a different user, one which has
> a home directory it has rights to. That also means you'd need to change
> your mailscanner config, and possibly rights on your
> /var/spool/MailScanner/* directories. However, I'm not terribly familiar
> here.
> 
> The simple thing to do would be to create a /home/postfix, and modify
> the postfix user to have that homedir, but this would likely increase
> the risks of your postfix process being exploitable.
> 

This would indeed be unwise. but I doubt it would change anything.

The easy way is to test SA as root. or as another user, possibly after
copying Bayes and AWL files.

Re: permissions on /root/.spamassassin folder

Posted by Kate Kleinschafer <ka...@rheel.co.nz>.

Matt Kettler wrote:
> Kate Kleinschafer wrote:
>   
>> Hi all,
>>
>> Just wondering what the permissions should be on the
>> /root/.spamassassin folder.
>>
>> When I run a message by the command
>> sudo -u postfix spamassassin -p
>> /etc/MailScanner/spam.assassin.prefs.conf -t < message.MAI
>>
>> I am getting the error warn: config: path /root/.spamassassin is
>> inaccessible permission denied.
>> owned by root:root
>> permissions drwx
>>
>>     
> That sounds like the postfix user doesn't have a home directory it can
> read/write, and it was pointed at /root to prevent it from having
> access. This is probably intentional in the security design of postfix,
> so it might be unwise to change it.
>   
Yeah I don't think I will change this.
> I would strongly consider running SA as a different user, one which has
> a home directory it has rights to. That also means you'd need to change
> your mailscanner config, and possibly rights on your
> /var/spool/MailScanner/* directories. However, I'm not terribly familiar
> here.
>
>   
SA is running as that user becuase I think that MailScanner calls 
spamassassin as that user
> The simple thing to do would be to create a /home/postfix, and modify
> the postfix user to have that homedir, but this would likely increase
> the risks of your postfix process being exploitable.
>
>   
I think I will leave it as is right now.

Thanks for your advice.
Kate

Re: permissions on /root/.spamassassin folder

Posted by Matt Kettler <mk...@verizon.net>.

Kate Kleinschafer wrote:
> Hi all,
>
> Just wondering what the permissions should be on the
> /root/.spamassassin folder.
>
> When I run a message by the command
> sudo -u postfix spamassassin -p
> /etc/MailScanner/spam.assassin.prefs.conf -t < message.MAI
>
> I am getting the error warn: config: path /root/.spamassassin is
> inaccessible permission denied.
> owned by root:root
> permissions drwx
>
That sounds like the postfix user doesn't have a home directory it can
read/write, and it was pointed at /root to prevent it from having
access. This is probably intentional in the security design of postfix,
so it might be unwise to change it.

I would strongly consider running SA as a different user, one which has
a home directory it has rights to. That also means you'd need to change
your mailscanner config, and possibly rights on your
/var/spool/MailScanner/* directories. However, I'm not terribly familiar
here.

The simple thing to do would be to create a /home/postfix, and modify
the postfix user to have that homedir, but this would likely increase
the risks of your postfix process being exploitable.

Re: permissions on /root/.spamassassin folder

Posted by SM <sm...@resistor.net>.

At 17:32 14-10-2008, Kate Kleinschafer wrote:
>Just wondering what the permissions should be on the 
>/root/.spamassassin folder.
>
>When I run a message by the command
>sudo -u postfix spamassassin -p 
>/etc/MailScanner/spam.assassin.prefs.conf -t < message.MAI
>
>I am getting the error warn: config: path /root/.spamassassin is 
>inaccessible permission denied.

You are running spamassassin as user postfix.  spamassassin is trying 
to read the user preferences off the home directory it got from the 
environment.  User postfix does not have access to the /root directory.

>owned by root:root
>permissions drwx

These permissions are correct.

Regards,
-sm

RE: permissions on /root/.spamassassin folder

Posted by Michael Hutchinson <mh...@manux.co.nz>.

> -----Original Message-----
> From: Kate Kleinschafer [mailto:kate@rheel.co.nz]
> Sent: 15 October 2008 1:32 p.m.
> To: users@spamassassin.apache.org
> Subject: permissions on /root/.spamassassin folder
> 
> Hi all,
> 
> Just wondering what the permissions should be on the
/root/.spamassassin
> folder.
> 
> When I run a message by the command
> sudo -u postfix spamassassin -p
> /etc/MailScanner/spam.assassin.prefs.conf -t < message.MAI
> 
> I am getting the error warn: config: path /root/.spamassassin is
> inaccessible permission denied.
> owned by root:root
> permissions drwx
> 
> Thanks
> Kate

Hello Kate,

The problem is that you're trying to access a file owned by root, and
yet your sudo command line changes the user to postfix - so you're
actually running the command as the postfix user, not root - and thusly
cannot use root's files.

If you're already logged in as the root user, perhaps try the command
without the "-u postfix" part... or...
If you're not already root, replace "postfix" after the "-u" part with
"root".

The other possibility is that you want to access root's Spamassassin
files as the "postfix" user. You can change the permissions on the
files, but I don't recommend that - there must be another way to achieve
the desired result. (Perhaps user grouping could have something to do
with it) - but this is now turning into a postfix question.

Cheers,
Michael Hutchinson
Manux Solutions Ltd