You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Srilatha <sr...@intoto.com> on 2007/10/03 09:30:43 UTC

unable to run sa-learn utility as non-root user

Hi,

I am using SpamAssassin 3.2.1

sa-learn utility is taking user name but it is not running as the given user

did anyone observe this issue ?

regards,
Srilatha


********************************************************************************
This email message (including any attachments) is for the sole use of the intended recipient(s) 
and may contain confidential, proprietary and privileged information. Any unauthorized review, 
use, disclosure or distribution is prohibited. If you are not the intended recipient, 
please immediately notify the sender by reply email and destroy all copies of the original message. 
Thank you.
 
Intoto Inc.

Re: unable to run sa-learn utility as non-root user

Posted by Matt Kettler <mk...@verizon.net>.

Srilatha wrote:
> Hi,
>
> I am using SpamAssassin 3.2.1
>
> sa-learn utility is taking user name but it is not running as the
> given user
First, I assume you're trying to use sa-learn -u.

If you read the docs closely, the -u parameter to sa-learn *ONLY* works
for SQL and virtual configurations.

 It will NOT cause sa-learn to setuid itself, so it will not work if
you're using db_files in the users home directory for bayes storage.

---------------------
       -u username, --username=username
           If specified this username will override the username taken from
           the runtime environment.  You can use this option to specify
users
           in a virtual user configuration when using SQL as the Bayes back-
           end.

           NOTE: This option will not change to the given username, it will
           only attempt to act on behalf of that user.  Because of this you
           will need to have proper permissions to be able to change files
           owned by username.  In the case of SQL this generally is not a
           problem.
------------------------

Re: unable to run sa-learn utility as non-root user

Posted by Srilatha <sr...@intoto.com>.

Hi,

Even though we run the utility as root, we can specify any user name 
with option '-u'.

Even though we specify a valid user name, it is not running in the 
given user context.

When i did code walk through of sa-learn code, it is observed that 
there is no code in sa-learn utility to set user id of sa-learn 
process to the given user's

When i copied the following code from spamd and added to sa-learn, it 
is working fine

  # support non-root use
   if ( $opt{'username'} ) {
       my ( $uuid, $ugid ) = ( getpwnam( $opt{'username'} ) )[ 2, 3 ];
       if ( !defined $uuid || $uuid == 0 ) {
         die "spamd: cannot run as nonexistent user\n";
       }
       # Change GID
       $) = "$ugid $ugid";    # effective gid
       $( = $ugid;            # real gid

       # Change UID
       $> = $uuid;            # effective uid
       $< = $uuid;            # real uid. we now cannot setuid anymore

       # bug 3900: BSD perl bug. see comment in setuid_to_euid() in
       # Mail::SA::Util on the same issue.
       if ($< != $uuid) {
         dbg("spamd: initial attempt to change real uid failed, 
trying BSD workaround");

         $> = $<;              # revert euid to ruid
         $< = $uuid;           # change ruid to target
         $> = $uuid;           # change euid back to target
       }

       if ( $> != $uuid and $> != ( $uuid - 2**32 ) ) {
         die "spamd: setuid to uid $uuid failed\n";
       }
     }


regards,
Srilatha

At 05:46 PM 10/3/2007, Matus UHLAR - fantomas wrote:
>On 03.10.07 13:00, Srilatha wrote:
> > I am using SpamAssassin 3.2.1
> >
> > sa-learn utility is taking user name but it is not running as the given
> > user
> >
> > did anyone observe this issue ?
>
>do you execute it with root privileges? Otherwise it can't run under
>specified user (of course unless  you run it under the same user)
>--
>Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
>Warning: I wish NOT to receive e-mail advertising to this address.
>Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
>Your mouse has moved. Windows NT will now restart for changes to take
>to take effect. [OK]



********************************************************************************
This email message (including any attachments) is for the sole use of the intended recipient(s) 
and may contain confidential, proprietary and privileged information. Any unauthorized review, 
use, disclosure or distribution is prohibited. If you are not the intended recipient, 
please immediately notify the sender by reply email and destroy all copies of the original message. 
Thank you.
 
Intoto Inc.

Re: unable to run sa-learn utility as non-root user

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.

On 03.10.07 13:00, Srilatha wrote:
> I am using SpamAssassin 3.2.1
> 
> sa-learn utility is taking user name but it is not running as the given
> user
> 
> did anyone observe this issue ?

do you execute it with root privileges? Otherwise it can't run under
specified user (of course unless  you run it under the same user)
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Your mouse has moved. Windows NT will now restart for changes to take
to take effect. [OK]