You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Ronan <r....@qub.ac.uk> on 2004/10/18 11:26:09 UTC
running children as root
what is the switch to set my spamd children to run as non root. Ive
looked throuhg all the docs but i must have skipped over it or i am just
in a monday mood and cant understand it....
thnaks
ronan
ps what are the preferred options / tweaks to SA3 to be done to an 'out
of the box 'version after a clean uprgrade....?
--
Regards
Ronan McGlue
==============
Analyst/Programmer
Information Services
Queens University Belfast
BT7 1NN
Re: running children as root
Posted by Rick Macdougall <ri...@nougen.com>.
Hi,
In-line response.
Matt Kettler wrote:
> At 11:25 AM 10/18/2004, Rick Macdougall wrote:
>
>> Why would one not rely on SA running as one and only one user when
>> writing to bayes and auto_whitelist files ? Is that not the whole
>> reason behind having a separate user to run spamd as ?
>
>
> Yes, but using bayes_path defeats the purpose of having a separate spamd
> user.
I originally did NOT have a bayes_path in my local.cf and I was running
spamd with
exec /usr/local/bin/spamd -D -q -x -m 10 --max-conn-per-child=20 -u
Spamd -i 206.123.6.18 -A 206.123.6.19,206.123.6.18,216.162.64.120 2>&1
Sometimes it would write to /root/.spamassassin and sometimes it would
write to ~/Spamd/.spamassassin
> Again, IMO, it's a bug to use bayes_path to anything without a ~/ at the
> start without setting bayes_file_mode 777. I stand firmly behind that
> statement.
That's fine, I agree with that too and I have it running like that.
>
> If you make a global bayes db setting apply to all users, it should be
> accessible to all users.
>
In this case there are no users, everything else is stored in mysql.
> Are you sure you're not doing something like sa-learn while logged in as
> root and that the only SA process ever invoked is spamd/spamc?
>
> (You must make absolutely no calls to spamassassin, or sa-learn unless
> su'ed to the spamd user)
Yup, 100% sure there is nothing else calling spamassassin or sa-learn
except as Spamd and there is only one process calling sa-learn once an
hour from Spamds crontab. The only thing this machine does is run the
spamd process, nothing else at all is running on this machine.
Regards,
Rick
Re: running children as root
Posted by Matt Kettler <mk...@evi-inc.com>.
At 11:25 AM 10/18/2004, Rick Macdougall wrote:
>Why would one not rely on SA running as one and only one user when writing
>to bayes and auto_whitelist files ? Is that not the whole reason behind
>having a separate user to run spamd as ?
Yes, but using bayes_path defeats the purpose of having a separate spamd user.
I'd just set spamd's home directory where I wanted the spamd bayes_db to
be. This way any SA processes running as any other user wind up in that
user's homedir and don't muck up the spamd bayes database.
Again, IMO, it's a bug to use bayes_path to anything without a ~/ at the
start without setting bayes_file_mode 777. I stand firmly behind that
statement.
If you make a global bayes db setting apply to all users, it should be
accessible to all users.
>but of course, it is still writing the journal file and auto_whitelist as
>root.
Are you sure you're not doing something like sa-learn while logged in as
root and that the only SA process ever invoked is spamd/spamc?
(You must make absolutely no calls to spamassassin, or sa-learn unless
su'ed to the spamd user)
Re: running children as root
Posted by Rick Macdougall <ri...@nougen.com>.
Matt Kettler wrote:
> At 10:02 AM 10/18/2004, Rick Macdougall wrote:
>
>> Hi,
>>
>> No, they keep running as root all the time.
>>
>> 98160 root 62 0 49992K 41208K RUN 0:09 18.49% 17.53%
>> perl5.8.2
>>
>> It's a large bug here that affects the permissions of the
>> bayes_journal file etc since it gets owned by root instead of the -u
>> user on the spamd command line.
>
>
> Hmm, IMNSHO it's a large bug in SA configuration to set a bayes_path in
> your local.cf without setting the mode to 777 in your local.cf as well.
>
> Don't try to rely on every instance of SA, including command-line as
> well as spamc/spamd, running as one and only one, user. It's not going
> to happen that way in reality.
>
> That said, are you seeing this log message out of spamd (check syslog):
>
> logmsg( "Still running as root: user not specified with -u, " . "not
> found, or set to root. Fall back to nobody." );
Hi,
Why would one not rely on SA running as one and only one user when
writing to bayes and auto_whitelist files ? Is that not the whole
reason behind having a separate user to run spamd as ?
I have no errors in my logfiles about it still running as root, but I do
see the debug lines telling me that the user has changed
debug: user has changed
but of course, it is still writing the journal file and auto_whitelist
as root.
Anything else you'd like me to check on, I'd be more than happy to check
and test.
Regards,
Rick
Re: running children as root
Posted by Matt Kettler <mk...@evi-inc.com>.
At 10:02 AM 10/18/2004, Rick Macdougall wrote:
>Hi,
>
>No, they keep running as root all the time.
>
>98160 root 62 0 49992K 41208K RUN 0:09 18.49% 17.53% perl5.8.2
>
>It's a large bug here that affects the permissions of the bayes_journal
>file etc since it gets owned by root instead of the -u user on the spamd
>command line.
Hmm, IMNSHO it's a large bug in SA configuration to set a bayes_path in
your local.cf without setting the mode to 777 in your local.cf as well.
Don't try to rely on every instance of SA, including command-line as well
as spamc/spamd, running as one and only one, user. It's not going to happen
that way in reality.
That said, are you seeing this log message out of spamd (check syslog):
logmsg( "Still running as root: user not specified with -u, " . "not
found, or set to root. Fall back to nobody." );
Re: running children as root
Posted by Ronan <r....@qub.ac.uk>.
sorry matt - didnt meen to be rude! hehe - yeah i take that on board and
ill give it a shot. Ive just checked my logs and spamd does suid nobody
while dealing with a message. I run a sitewaide config on 3 mailhubs
with no user preferneces, so if i run the initial spamd as a non root
user, this i presume wont allow the suid nobody so when a connection is
attempted from the spamc(exiscan) what uid will it run as the spamd or
the eim uid which calls it!???
ronan
Matt Kettler wrote:
> At 10:56 AM 10/18/2004, Ronan wrote:
>
>> so theres no way for the forseeable future to have them idle as non
>> root???
>> Is it advisable jsut to let the configuration be for the time being!?
>> or are the other options available to me?!
>
>
> Sure there is.. you can start spamd as a non-root user.. Spamd runs as
> whatever user it was started as while idle. Since most people launch
> spamd from an init script, that's root, and it setuid's itself later
> after it get's a connection.
>
> However, if spamd idles as a non-root user, it will not be able to
> setuid itself to the userid that spamc passes it. Since this breaks
> documented behavior for multi-user sites, this is not the default.
>
> That said, why do you keep ignoring my suggestion of passing the -u
> parameter to spamd with a username to run as?
>
--
Regards
Ronan McGlue
==============
Analyst/Programmer
Information Services
Queens University Belfast
BT7 1NN
Re: running children as root
Posted by Matt Kettler <mk...@evi-inc.com>.
At 10:56 AM 10/18/2004, Ronan wrote:
>so theres no way for the forseeable future to have them idle as non root???
>Is it advisable jsut to let the configuration be for the time being!? or
>are the other options available to me?!
Sure there is.. you can start spamd as a non-root user.. Spamd runs as
whatever user it was started as while idle. Since most people launch spamd
from an init script, that's root, and it setuid's itself later after it
get's a connection.
However, if spamd idles as a non-root user, it will not be able to setuid
itself to the userid that spamc passes it. Since this breaks documented
behavior for multi-user sites, this is not the default.
That said, why do you keep ignoring my suggestion of passing the -u
parameter to spamd with a username to run as?
Re: running children as root
Posted by Ronan <r....@qub.ac.uk>.
so theres no way for the forseeable future to have them idle as non root???
Is it advisable jsut to let the configuration be for the time being!? or
are the other options available to me?!
thanks
ronqn
Rick Macdougall wrote:
>
>
> Matt Kettler wrote:
>
>> At 02:12 PM 10/18/2004 +0100, Ronan wrote:
>>
>> In SA 3.0, the children will pre-fork, idle as root, then it should
>> setuid to nobody when a spamc connects.
>>
>> They will then bail back out of that setuid when they are done
>> scanning, so you will generally see them running as root, but only
>> when they are idle.
>>
>> Disclaimer: I've not tested this, but it is the theory of operation
>> that SA 3.0 was designed to, and what you show me above does not
>> disprove that theory.
>
>
> Hi,
>
> No, they keep running as root all the time.
>
> 98160 root 62 0 49992K 41208K RUN 0:09 18.49% 17.53% perl5.8.2
>
> It's a large bug here that affects the permissions of the bayes_journal
> file etc since it gets owned by root instead of the -u user on the spamd
> command line.
>
> Regards,
>
> Rick
--
Regards
Ronan McGlue
==============
Analyst/Programmer
Information Services
Queens University Belfast
BT7 1NN
Re: running children as root
Posted by Rick Macdougall <ri...@nougen.com>.
Matt Kettler wrote:
> At 02:12 PM 10/18/2004 +0100, Ronan wrote:
>
> In SA 3.0, the children will pre-fork, idle as root, then it should
> setuid to nobody when a spamc connects.
>
> They will then bail back out of that setuid when they are done scanning,
> so you will generally see them running as root, but only when they are
> idle.
>
> Disclaimer: I've not tested this, but it is the theory of operation that
> SA 3.0 was designed to, and what you show me above does not disprove
> that theory.
Hi,
No, they keep running as root all the time.
98160 root 62 0 49992K 41208K RUN 0:09 18.49% 17.53% perl5.8.2
It's a large bug here that affects the permissions of the bayes_journal
file etc since it gets owned by root instead of the -u user on the spamd
command line.
Regards,
Rick
Re: running children as root
Posted by Matt Kettler <mk...@comcast.net>.
At 02:12 PM 10/18/2004 +0100, Ronan wrote:
>well this is what i have after upgrading tp 3.0.0
>
> ps -ef|grep spamd
> root 23320 27167 0 11:58:56 ? 0:17 /usr/local/bin/perl -T
> /usr/local/bin/spamd -d -r /logs/spamd.pid
> root 27167 1 0 Oct 15 ? 0:02 /usr/local/bin/perl -T
> /usr/local/bin/spamd -d -r /logs/spamd.pid
> root 18777 27167 3 09:57:25 ? 1:14 /usr/local/bin/perl -T
> /usr/local/bin/spamd -d -r /logs/spamd.pid
> root 19749 27167 8 10:13:03 ? 1:26 /usr/local/bin/perl -T
> /usr/local/bin/spamd -d -r /logs/spamd.pid
> root 19250 27167 0 10:01:50 ? 1:03 /usr/local/bin/perl -T
> /usr/local/bin/spamd -d -r /logs/spamd.pid
> root 21501 27167 0 10:55:07 ? 0:30 /usr/local/bin/perl -T
> /usr/local/bin/spamd -d -r /logs/spamd.pid
>
>>If it finds itself running as still running as root after that, it will
>>setuid to "nobody" when it starts to scan mail.
>
>but before when i was running 2.6.x(3) i think! spamd(root) did what youve
>said and called the others as user 'nobody'
Were any of those spamd's scanning mail at the time?
SA 3.0 pre-forks children, which SA 2.6 did not. Thus, when SA 2.6 forked,
they were already handling a connection and suided to nobody.
In SA 3.0, the children will pre-fork, idle as root, then it should setuid
to nobody when a spamc connects.
They will then bail back out of that setuid when they are done scanning, so
you will generally see them running as root, but only when they are idle.
Disclaimer: I've not tested this, but it is the theory of operation that SA
3.0 was designed to, and what you show me above does not disprove that theory.
>>If you want to specify a single user to run spamd as, use the -u
>>parameter to spamd.
>both were acalled using the same commandline
>
> /usr/local/bin/spamd -d -r /logs/spamd.pid
Yep, thus both are relying on the default fall-back behavior, but see
above.. SA 3.0 forks much differently than 2.6 does.
Re: running children as root
Posted by Ronan <r....@qub.ac.uk>.
Matt Kettler wrote:
> At 10:26 AM 10/18/2004 +0100, Ronan wrote:
>
>> what is the switch to set my spamd children to run as non root. Ive
>> looked throuhg all the docs but i must have skipped over it or i am
>> just in a monday mood and cant understand it...
>
>
> by default spamd will *refuse* to run as root. Normaly spamd setuid's to
> match the uid that called spamc.
well this is what i have after upgrading tp 3.0.0
ps -ef|grep spamd
root 23320 27167 0 11:58:56 ? 0:17 /usr/local/bin/perl -T
/usr/local/bin/spamd -d -r /logs/spamd.pid
root 27167 1 0 Oct 15 ? 0:02 /usr/local/bin/perl -T
/usr/local/bin/spamd -d -r /logs/spamd.pid
root 18777 27167 3 09:57:25 ? 1:14 /usr/local/bin/perl -T
/usr/local/bin/spamd -d -r /logs/spamd.pid
root 19749 27167 8 10:13:03 ? 1:26 /usr/local/bin/perl -T
/usr/local/bin/spamd -d -r /logs/spamd.pid
root 19250 27167 0 10:01:50 ? 1:03 /usr/local/bin/perl -T
/usr/local/bin/spamd -d -r /logs/spamd.pid
root 21501 27167 0 10:55:07 ? 0:30 /usr/local/bin/perl -T
/usr/local/bin/spamd -d -r /logs/spamd.pid
>
> If it finds itself running as still running as root after that, it will
> setuid to "nobody" when it starts to scan mail.
but before when i was running 2.6.x(3) i think! spamd(root) did what
youve said and called the others as user 'nobody'
> If you want to specify a single user to run spamd as, use the -u
> parameter to spamd.
both were acalled using the same commandline
/usr/local/bin/spamd -d -r /logs/spamd.pid
ronan
--
Regards
Ronan McGlue
==============
Analyst/Programmer
Information Services
Queens University Belfast
BT7 1NN
Re: running children as root
Posted by Matt Kettler <mk...@comcast.net>.
At 10:26 AM 10/18/2004 +0100, Ronan wrote:
>what is the switch to set my spamd children to run as non root. Ive looked
>throuhg all the docs but i must have skipped over it or i am just in a
>monday mood and cant understand it...
by default spamd will *refuse* to run as root. Normaly spamd setuid's to
match the uid that called spamc.
If it finds itself running as still running as root after that, it will
setuid to "nobody" when it starts to scan mail.
If you want to specify a single user to run spamd as, use the -u parameter
to spamd.