You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Odhiambo Washington <wa...@wananchi.com> on 2006/11/27 22:23:30 UTC

permissions for the bayes_*

I am trying to figure out something:

When spamd is being run WITHOUT -u johndoe, then presumably, it is 
running as root, yes?

So, who should own the files in --siteconfigpath? Especially those that
require modification, like the bayes* and auto_whitelist files?


I am running a setup where spamc is invoked from a global procmailrc
for certain users. However, I see in the logs (I am logging spamd 
activities via syslog rule) the following:

Tue Nov 28 00:01:08 2006 [96179] info: spamd: connection from localhost [127.0.0.1] at port 2537
Tue Nov 28 00:01:08 2006 [96179] info: spamd: setuid to janedoe succeeded
Tue Nov 28 00:01:08 2006 [96179] warn: bayes: failed rename /usr/local/etc/mail/spamassassin/bayes_journal \
to /usr/local/etc/mail/spamassassin/bayes_journal.old

Tue Nov 28 00:17:43 2006 [59320] info: spamd: connection from localhost [127.0.0.1] at port 4938
Tue Nov 28 00:17:43 2006 [59320] info: spamd: setuid to johndoe succeeded
Tue Nov 28 00:17:43 2006 [59320] info: spamd: processing message <BA...@phx.gbl> for argus:1575
Tue Nov 28 00:17:45 2006 [59320] warn: bayes: cannot write to /usr/local/etc/mail/spamassassin/bayes_journal, bayes db update ignored: Permission
 denied



This happens at every instance that spamc is invoked for a user.


Here is how the procmail rule invokes spamc:

<cut>
# PART I - Spam Filter stuff

DROPPRIVS = yes
LOGFILE=/tmp/quarantine_procmail.log_`/bin/date +%Y%m%d`
VERBOSE=on
LOGABSTRACT=all


:0fwE
* < 256000
| /usr/local/bin/spamc -u $LOGNAME

:0e
{
    EXITCODE=$?
}

:0:
* ^X-Spam-Status: Yes
$SPAMFILE

</cut>





DISCLAIMER: See http://www.wananchi.com/bms/terms.php
--
+======================================================================+
    |\      _,,,---,,_     | Odhiambo Washington    <wa...@wananchi.com>
Zzz /,`.-'`'    -.  ;-;;,_ | Wananchi Online Ltd.   www.wananchi.com
   |,4-  ) )-,_. ,\ (  `'-'| Tel: +254 20 313985-9  +254 20 313922
  '---''(_/--'  `-'\_)     | GSM: +254 722 743223   +254 733 744121
+======================================================================+

My theology, briefly, is that the universe was dictated but not
signed.
		-- Christopher Morley

Re: permissions for the bayes_*

Posted by Odhiambo Washington <wa...@wananchi.com>.

* On 27/11/06 16:31 -0500, Theo Van Dinter wrote:
| On Tue, Nov 28, 2006 at 12:23:30AM +0300, Odhiambo Washington wrote:
| > When spamd is being run WITHOUT -u johndoe, then presumably, it is 
| > running as root, yes?
| 
| The parent is, the children run as the user calling spamc.
| 
| > So, who should own the files in --siteconfigpath? Especially those that
| > require modification, like the bayes* and auto_whitelist files?
| 
| there are, by default, no files in the site config dir that need modification
| by users.  it's all config files.
| 
| if you're trying to setup a sitewide bayes/awl, then you'll need to have the
| files writable by everyone, basically.
| 
| > Tue Nov 28 00:01:08 2006 [96179] warn: bayes: failed rename /usr/local/etc/mail/spamassassin/bayes_journal \
| > to /usr/local/etc/mail/spamassassin/bayes_journal.old
| 
| I would suggest moving the bayes/awl files to a different directory and
| granting permission there to the whole dir.  you don't want to open your site
| config dir up to all your users.

I get the point now. I've been fighting with this far too long ;)



-Wash

http://www.netmeister.org/news/learn2quote.html

DISCLAIMER: See http://www.wananchi.com/bms/terms.php

--
+======================================================================+
    |\      _,,,---,,_     | Odhiambo Washington    <wa...@wananchi.com>
Zzz /,`.-'`'    -.  ;-;;,_ | Wananchi Online Ltd.   www.wananchi.com
   |,4-  ) )-,_. ,\ (  `'-'| Tel: +254 20 313985-9  +254 20 313922
  '---''(_/--'  `-'\_)     | GSM: +254 722 743223   +254 733 744121
+======================================================================+

"About the time we think we can make ends meet, somebody moves the
ends."
		-- Herbert Hoover

Re: permissions for the bayes_*

Posted by Theo Van Dinter <fe...@apache.org>.

On Tue, Nov 28, 2006 at 12:23:30AM +0300, Odhiambo Washington wrote:
> When spamd is being run WITHOUT -u johndoe, then presumably, it is 
> running as root, yes?

The parent is, the children run as the user calling spamc.

> So, who should own the files in --siteconfigpath? Especially those that
> require modification, like the bayes* and auto_whitelist files?

there are, by default, no files in the site config dir that need modification
by users.  it's all config files.

if you're trying to setup a sitewide bayes/awl, then you'll need to have the
files writable by everyone, basically.

> Tue Nov 28 00:01:08 2006 [96179] warn: bayes: failed rename /usr/local/etc/mail/spamassassin/bayes_journal \
> to /usr/local/etc/mail/spamassassin/bayes_journal.old

I would suggest moving the bayes/awl files to a different directory and
granting permission there to the whole dir.  you don't want to open your site
config dir up to all your users.

alternately, use sql.

-- 
Randomly Selected Tagline:
"Jack- she's two.  You could surprise her with a piece of old bread."
                - From Just Shoot Me