Posted to users@spamassassin.apache.org by boogybren <na...@mcewan.net> on 2009/01/09 02:37:56 UTC

bayes_journal

I just upgraded from SA 3.0.1 to 3.2.5 today.  The bayes_journal keeps
disappearing and SA kept complaining it didn't have permission to re-create
it.

So I chmod 777 the parent directory (/usr/local/etc/mail/spamassassin) and
SA finally recreated the bayes_journal file.  However it looks like SA used
setuid to create it as the user the email was delivering to with 600
permissions.

So what happens when a different user's email gets processed when the
bayes_journal already has different ownership/permissions?  Is there any way
to just have either root update bayes_journal or leave the bayes_journal
there with 666 permissions?

Brenden


Re: bayes_journal

Posted by Kai Schaetzl <ma...@conactive.com>.
Matt Kettler wrote on Sun, 11 Jan 2009 15:17:12 -0500:

> My guess is it's used in the initial creation of .spamassassin, if none
> exists when bayes kicks up. Although one of the devs (theo?) once
> mentioned temp directories being created... not sure when that would
> ever happen.

Well, but this directive usually gets used for a site-wide Bayes database 
and you would create the directory in advance. And for user-specific Bayes 
you would not need/want to have all users have access to the other Bayes 
directories.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com




Re: bayes_journal

Posted by Matt Kettler <mk...@verizon.net>.
Kai Schaetzl wrote:
> Matt Kettler wrote on Fri, 09 Jan 2009 07:57:17 -0500:
>
>   
>> No it's not. The "mode" is really a mask, and is sometimes used in the
>> creation of directories.
>>     
>
> well, it has worked all the years for me on those setups that use dbm 
> storage. What directories should be created there? We only have db, index, 
> journal, mutexes, locks and such, no directories.
>   
My guess is it's used in the initial creation of .spamassassin, if none
exists when bayes kicks up. Although one of the devs (theo?) once
mentioned temp directories being created... not sure when that would
ever happen.

>   
>> Files will be created at 666 when 0777 is used,
>>     
>
> Ok, I didn't know that.
>   
Yeah, the bayes config options are quite a bit misleading. bayes_path
isn't a path, it's a path plus partial filename. bayes_mode isn't a
mode, it's a mask. Great stuff eh?




Re: bayes_journal

Posted by Kai Schaetzl <ma...@conactive.com>.
Matt Kettler wrote on Fri, 09 Jan 2009 07:57:17 -0500:

> No it's not. The "mode" is really a mask, and is sometimes used in the
> creation of directories.

well, it has worked all the years for me on those setups that use dbm 
storage. What directories should be created there? We only have db, index, 
journal, mutexes, locks and such, no directories.

> Files will be created at 666 when 0777 is used,

Ok, I didn't know that.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com




Re: bayes_journal

Posted by Matt Kettler <mk...@verizon.net>.
Kai Schaetzl wrote:
> Matt Kettler wrote on Thu, 08 Jan 2009 21:08:49 -0500:
>
>   
>> bayes_file_mode 0777
>>     
>
> well, 0666 is definitely sufficient ;-)
>   
No it's not. The "mode" is really a mask, and is sometimes used in the
creation of directories.

Files will be created at 666 when 0777 is used,


Re: bayes_journal

Posted by Kai Schaetzl <ma...@conactive.com>.
Matt Kettler wrote on Thu, 08 Jan 2009 21:08:49 -0500:

> bayes_file_mode 0777

well, 0666 is definitely sufficient ;-)

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com




Re: bayes_journal

Posted by Matt Kettler <mk...@verizon.net>.
Benny Pedersen wrote:
> On Fri, January 9, 2009 03:08, Matt Kettler wrote:
>
>   
>> bayes_file_mode 0777
>>     
>
> and any user on that host can overwrite it
>
>   
Yep, that's what you need if you're sharing a single bayes DB amongst
all your users. They all need to be able to write it.

The alternative is doing one bayes DB per user, or switching to SQL.
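
[Added example, not part of the thread or of SpamAssassin's own code.] The mask behaviour discussed in this thread (bayes_file_mode 0777 yielding 0666 files) and the exposure it creates can be checked with a short script. The sample files are constructed in a temporary directory, and 0770 is shown on the assumption that every account running the scanner shares one group.

```shell
#!/bin/sh
# Added example (not from the thread). Paths and sample files are constructed.

# File permissions that result from a bayes_file_mode value: as stated in
# the thread, the value acts as a mask and files lose the execute bits.
effective_file_mode() {
    printf '%04o\n' $(( 0$1 & 0666 ))
}

# Print the Bayes files for a bayes_path prefix (path plus partial filename)
# that any local account may overwrite (the "other" write bit is set).
world_writable_bayes_files() {
    for f in "$1"_*; do
        [ -f "$f" ] || continue
        [ -n "$(find "$f" -perm -0002)" ] && echo "$f"
    done
    return 0
}

# Build constructed sample files as they would look under a given
# bayes_file_mode and count how many of them are world-writable.
count_exposed() {
    tmp=$(mktemp -d) || return 1
    mode=$(effective_file_mode "$1")
    for name in toks seen journal; do
        : > "$tmp/bayes_$name"
        chmod "$mode" "$tmp/bayes_$name"
    done
    world_writable_bayes_files "$tmp/bayes" | wc -l | tr -d ' '
    rm -rf "$tmp"
}

# Compare the shared-DB setting from the thread with tighter values.
for m in 0777 0770 0700; do
    echo "bayes_file_mode $m -> files $(effective_file_mode "$m"), world-writable: $(count_exposed "$m")"
done
```

Pointing world_writable_bayes_files at the real bayes_path value from local.cf lists the database files that any local account could overwrite.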

Re: bayes_journal

Posted by Benny Pedersen <me...@junc.org>.
On Fri, January 9, 2009 03:08, Matt Kettler wrote:

> bayes_file_mode 0777

and any user on that host can overwrite it

-- 
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098


Re: bayes_journal

Posted by Matt Kettler <mk...@verizon.net>.
boogybren wrote:
> I just upgraded from SA 3.0.1 to 3.2.5 today.  The bayes_journal keeps
> disappearing and SA kept complaining it didn't have permission to re-create
> it.
>
> So I chmod 777 the parent directory (/usr/local/etc/mail/spamassassin) and
> SA finally recreated the bayes_journal file.  However it looks like SA used
> setuid to create it as the user the email was delivering to with 600
> permissions.
>
> So what happens when a different user's email gets processed when the
> bayes_journal already has different ownership/permissions?  Is there any way
> to just have either root update bayes_journal or leave the bayes_journal
> there with 666 permissions?
>
>   
If you're sharing a bayes database among multiple users you need this
line in your local.cf so SA uses the right permissions:

bayes_file_mode 0777



Re: bayes_journal

Posted by Benny Pedersen <me...@junc.org>.
On Fri, January 9, 2009 02:37, boogybren wrote:
> Is there any way to just have either root update
> bayes_journal or leave the bayes_journal there with
> 666 permissions?

remove bayes_path in your config

if defined in sitewide it needs root to update it, but if you use
bayes_path in user_prefs then it's not that problem :)

does the user that runs spamassassin have a ~ ?

-- 
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098


Re: bayes_journal

Posted by Matt Kettler <mk...@verizon.net>.
boogybren wrote:
> The reason why I use the bayes path is because on my server (virtual private
> FreeBSD), the SA install writes the config files to
> /usr/local/etc/mail/spamassassin instead of /etc/mail/spamassassin.  So if I
> don't specify bayes_path, then it will stick the bayes stuff under
> /etc/mail/spamassassin.
>   
It shouldn't be in either location by default. It should be in the
invoking user's home directory.


Re: bayes_journal

Posted by boogybren <na...@mcewan.net>.
The reason why I use the bayes path is because on my server (virtual private
FreeBSD), the SA install writes the config files to
/usr/local/etc/mail/spamassassin instead of /etc/mail/spamassassin.  So if I
don't specify bayes_path, then it will stick the bayes stuff under
/etc/mail/spamassassin.

Although using bayes_file_mode 0777 is insecure, I am okay with it given
the fact that I am the only one with shell access to the box.

However, I would like to identify the right way to do it so I don't have to
throw a work around into play.

Thanks for all your input!