You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Odhiambo Washington <wa...@wananchi.com> on 2006/11/27 22:23:30 UTC
permissions for the bayes_*
I am trying to figure out something:
When spamd is being run WITHOUT -u johndoe, then presumably, it is
running as root, yes?
So, who should own the files in --siteconfigpath? Especially those that
require modification, like the bayes* and auto_whitelist files?
I am running a setup where spamc is invoked from a global procmailrc
for certain users. However, I see in the logs (I am logging spamd
activities via syslog rule) the following:
Tue Nov 28 00:01:08 2006 [96179] info: spamd: connection from localhost [127.0.0.1] at port 2537
Tue Nov 28 00:01:08 2006 [96179] info: spamd: setuid to janedoe succeeded
Tue Nov 28 00:01:08 2006 [96179] warn: bayes: failed rename /usr/local/etc/mail/spamassassin/bayes_journal \
to /usr/local/etc/mail/spamassassin/bayes_journal.old
Tue Nov 28 00:17:43 2006 [59320] info: spamd: connection from localhost [127.0.0.1] at port 4938
Tue Nov 28 00:17:43 2006 [59320] info: spamd: setuid to johndoe succeeded
Tue Nov 28 00:17:43 2006 [59320] info: spamd: processing message <BA...@phx.gbl> for argus:1575
Tue Nov 28 00:17:45 2006 [59320] warn: bayes: cannot write to /usr/local/etc/mail/spamassassin/bayes_journal, bayes db update ignored: Permission
denied
This happens at every instance that spamc is invoked for a user.
Here is how the procmail rule invokes spamc:
<cut>
# PART I - Spam Filter stuff
DROPPRIVS = yes
LOGFILE=/tmp/quarantine_procmail.log_`/bin/date +%Y%m%d`
VERBOSE=on
LOGABSTRACT=all
:0fwE
* < 256000
| /usr/local/bin/spamc -u $LOGNAME
:0e
{
EXITCODE=$?
}
:0:
* ^X-Spam-Status: Yes
$SPAMFILE
</cut>
DISCLAIMER: See http://www.wananchi.com/bms/terms.php
--
+======================================================================+
|\ _,,,---,,_ | Odhiambo Washington <wa...@wananchi.com>
Zzz /,`.-'`' -. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com
|,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922
'---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121
+======================================================================+
My theology, briefly, is that the universe was dictated but not
signed.
-- Christopher Morley
Re: permissions for the bayes_*
Posted by Odhiambo Washington <wa...@wananchi.com>.
* On 27/11/06 16:31 -0500, Theo Van Dinter wrote:
| On Tue, Nov 28, 2006 at 12:23:30AM +0300, Odhiambo Washington wrote:
| > When spamd is being run WITHOUT -u johndoe, then presumably, it is
| > running as root, yes?
|
| The parent is, the children run as the user calling spamc.
|
| > So, who should own the files in --siteconfigpath? Especially those that
| > require modification, like the bayes* and auto_whitelist files?
|
| there are, by default, no files in the site config dir that need modification
| by users. it's all config files.
|
| if you're trying to setup a sitewide bayes/awl, then you'll need to have the
| files writable by everyone, basically.
|
| > Tue Nov 28 00:01:08 2006 [96179] warn: bayes: failed rename /usr/local/etc/mail/spamassassin/bayes_journal \
| > to /usr/local/etc/mail/spamassassin/bayes_journal.old
|
| I would suggest moving the bayes/awl files to a different directory and
| granting permission there to the whole dir. you don't want to open your site
| config dir up to all your users.
I get the point now. I've been fighting with this far too long ;)
-Wash
http://www.netmeister.org/news/learn2quote.html
DISCLAIMER: See http://www.wananchi.com/bms/terms.php
--
+======================================================================+
|\ _,,,---,,_ | Odhiambo Washington <wa...@wananchi.com>
Zzz /,`.-'`' -. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com
|,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922
'---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121
+======================================================================+
"About the time we think we can make ends meet, somebody moves the
ends."
-- Herbert Hoover
Re: permissions for the bayes_*
Posted by Theo Van Dinter <fe...@apache.org>.
On Tue, Nov 28, 2006 at 12:23:30AM +0300, Odhiambo Washington wrote:
> When spamd is being run WITHOUT -u johndoe, then presumably, it is
> running as root, yes?
The parent is, the children run as the user calling spamc.
> So, who should own the files in --siteconfigpath? Especially those that
> require modification, like the bayes* and auto_whitelist files?
there are, by default, no files in the site config dir that need modification
by users. it's all config files.
if you're trying to setup a sitewide bayes/awl, then you'll need to have the
files writable by everyone, basically.
> Tue Nov 28 00:01:08 2006 [96179] warn: bayes: failed rename /usr/local/etc/mail/spamassassin/bayes_journal \
> to /usr/local/etc/mail/spamassassin/bayes_journal.old
I would suggest moving the bayes/awl files to a different directory and
granting permission there to the whole dir. you don't want to open your site
config dir up to all your users.
alternately, use sql.
--
Randomly Selected Tagline:
"Jack- she's two. You could surprise her with a piece of old bread."
- From Just Shoot Me