You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Rob Kudyba <rk...@raeinternet.com> on 2005/04/11 21:20:03 UTC
various debug errors: SpamAssassin.pm line 1453_ No such file or
directory, cannot tie DB R/O: //.spamassassin/bayes_toks
SA 3.02 on RH 8,
perl -v
This is perl, v5.8.6 built for i686-linux
How can we make the below errors disappear? Also, what does the
(unknown) mean in the below log snips?
Apr 11 14:54:49 herbie spamd[16878]: debug: mkdir //.spamassassin
failed: mkdir //.spamassassin: Permission denied at
/usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin.pm line 1453_ No
such file or directory
Apr 11 14:54:49 herbie spamd[16878]: debug: open of AWL file failed:
lock: 16878 cannot create tmp lockfile
//.spamassassin/auto-whitelist.lock.herbie.raeinternet.com.16878 for
//.spamassassin/auto-whitelist.lock: No such file or directory
Apr 11 14:54:49 herbie spamd[16878]: logmsg: clean message (-2.8/5.5)
for (unknown):99 in 2.8 seconds, 2510 bytes.
Apr 11 14:54:49 herbie spamd[16878]: clean message (-2.8/5.5) for
(unknown):99 in 2.8 seconds, 2510 bytes.
Apr 11 14:55:38 herbie spamd[16880]: debug: bayes: no dbs present,
cannot tie DB R/O: //.spamassassin/bayes_toks
Re: various debug errors: SpamAssassin.pm line 1453_ No such file
or directory, cannot tie DB R/O: //.spamassassin/bayes_toks
Posted by Rob Kudyba <rk...@raeinternet.com>.
Matt Kettler wrote:
>Rob Kudyba wrote:
>
>
>
>>Not using spamc at the moment. Running spamd as user nobody.
>>
>>nobody 16877 0.0 1.1 26356 5848 ? S Apr08 0:01
>>/usr/local/bin/perl -T -w /usr/local/bin/spamd -u nobody -d -x -D
>>nobody 16878 0.0 4.0 30208 20712 ? S Apr08 1:07 spamd
>>child
>>nobody 16879 0.0 4.1 30308 21132 ? S Apr08 1:09 spamd
>>child
>>nobody 16880 0.0 4.0 29832 20816 ? S Apr08 1:09 spamd
>>child
>>nobody 16881 0.0 4.0 30048 20916 ? S Apr08 1:09 spamd
>>child
>>nobody 16882 0.0 4.0 29792 20848 ? S Apr08 1:08 spamd
>>child
>>
>>in /etc/passwd:
>>nobody:x:99:99:Nobody:/:/sbin/nologin
>>
>>So I'm guessing a fix would be:
>>mkdir /home/nobody
>>
>>
>>
>STOP!!!!!! DO NOT UNDER ANY CONDITION GIVE NOBODY A HOME DIRECTORY THAT
>IT CAN WRITE TO.
>
>You WILL reduce the security of your server if you do so. Nobody is NOT
>intended to have a writable home directory. Many applications revoke
>privilege to nobody, and they gain added strength against attack from
>this feature of the account.
>
>Do not weaken the security of other apps on your system to fix this.
>
>Instead, do as I suggested create a dedicated deprivileged user, and use
>that instead of nobody.
>
>
Appreciate the correction. Created a new user, spamd, with home
directory of /home/spamd, and no more errors and the AWL and bayes files
are now correctly created in the /home/spamd/.spamassassin directory:
94440 -rw------- 1 spamd spamd 12288 Apr 11 16:20
auto-whitelist
94442 -rw------- 1 spamd spamd 12288 Apr 11 16:20 bayes_seen
94441 -rw------- 1 spamd spamd 12288 Apr 11 16:20 bayes_toks
Re: various debug errors: SpamAssassin.pm line 1453_ No such file
or directory, cannot tie DB R/O: //.spamassassin/bayes_toks
Posted by Matt Kettler <mk...@evi-inc.com>.
Rob Kudyba wrote:
>
> Not using spamc at the moment. Running spamd as user nobody.
>
> nobody 16877 0.0 1.1 26356 5848 ? S Apr08 0:01
> /usr/local/bin/perl -T -w /usr/local/bin/spamd -u nobody -d -x -D
> nobody 16878 0.0 4.0 30208 20712 ? S Apr08 1:07 spamd
> child
> nobody 16879 0.0 4.1 30308 21132 ? S Apr08 1:09 spamd
> child
> nobody 16880 0.0 4.0 29832 20816 ? S Apr08 1:09 spamd
> child
> nobody 16881 0.0 4.0 30048 20916 ? S Apr08 1:09 spamd
> child
> nobody 16882 0.0 4.0 29792 20848 ? S Apr08 1:08 spamd
> child
>
> in /etc/passwd:
> nobody:x:99:99:Nobody:/:/sbin/nologin
>
> So I'm guessing a fix would be:
> mkdir /home/nobody
>
STOP!!!!!! DO NOT UNDER ANY CONDITION GIVE NOBODY A HOME DIRECTORY THAT
IT CAN WRITE TO.
You WILL reduce the security of your server if you do so. Nobody is NOT
intended to have a writable home directory. Many applications revoke
privilege to nobody, and they gain added strength against attack from
this feature of the account.
Do not weaken the security of other apps on your system to fix this.
Instead, do as I suggested create a dedicated deprivileged user, and use
that instead of nobody.
>
Re: various debug errors: SpamAssassin.pm line 1453_ No such file
or directory, cannot tie DB R/O: //.spamassassin/bayes_toks
Posted by Rob Kudyba <rk...@raeinternet.com>.
Matt Kettler wrote:
>Rob Kudyba wrote:
>
>
>
>>SA 3.02 on RH 8,
>>perl -v
>>
>>This is perl, v5.8.6 built for i686-linux
>>
>>How can we make the below errors disappear? Also, what does the
>>(unknown) mean in the below log snips?
>>
>>Apr 11 14:54:49 herbie spamd[16878]: debug: mkdir //.spamassassin
>>failed: mkdir //.spamassassin: Permission denied at
>>/usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin.pm line 1453_
>>No such file or directory
>>Apr 11 14:54:49 herbie spamd[16878]: debug: open of AWL file failed:
>>lock: 16878 cannot create tmp lockfile
>>//.spamassassin/auto-whitelist.lock.herbie.raeinternet.com.16878 for
>>//.spamassassin/auto-whitelist.lock: No such file or directory
>>
>>Apr 11 14:54:49 herbie spamd[16878]: logmsg: clean message (-2.8/5.5)
>>for (unknown):99 in 2.8 seconds, 2510 bytes.
>>Apr 11 14:54:49 herbie spamd[16878]: clean message (-2.8/5.5) for
>>(unknown):99 in 2.8 seconds, 2510 bytes.
>>
>>Apr 11 14:55:38 herbie spamd[16880]: debug: bayes: no dbs present,
>>cannot tie DB R/O: //.spamassassin/bayes_toks
>>
>>
>>
>
>My guess is you are running spamd as root, and calling spamc as root also.
>
>In this case, for security reasons spamd will revoke privileges to the
>user "nobody". It would appear that on your RH8 box, "nobody" has a home
>directory of /, which it has no privilege to write to. (which is a good
>thing. Nobody is supposed to be a user of no real privilege)
>
>If you're just doing a site-wide setup I'd strongly suggest creating a
>"spamd" user, and giving it a home directory that it has RW access to.
>Pass this user with the -u parameter to either spamd or spamc. This way
>SA will use the spamd user's home directory to store bayes data in, and
>will still run as a non-root user.
>
>
Not using spamc at the moment. Running spamd as user nobody.
nobody 16877 0.0 1.1 26356 5848 ? S Apr08 0:01
/usr/local/bin/perl -T -w /usr/local/bin/spamd -u nobody -d -x -D
nobody 16878 0.0 4.0 30208 20712 ? S Apr08 1:07 spamd child
nobody 16879 0.0 4.1 30308 21132 ? S Apr08 1:09 spamd child
nobody 16880 0.0 4.0 29832 20816 ? S Apr08 1:09 spamd child
nobody 16881 0.0 4.0 30048 20916 ? S Apr08 1:09 spamd child
nobody 16882 0.0 4.0 29792 20848 ? S Apr08 1:08 spamd child
in /etc/passwd:
nobody:x:99:99:Nobody:/:/sbin/nologin
So I'm guessing a fix would be:
mkdir /home/nobody
and in /etc/passwd, change Nobody's entry to :
nobody:x:99:99:Nobody:/home/nobody:/sbin/nologin
Re: various debug errors: SpamAssassin.pm line 1453_ No such file
or directory, cannot tie DB R/O: //.spamassassin/bayes_toks
Posted by Matt Kettler <mk...@evi-inc.com>.
Rob Kudyba wrote:
> SA 3.02 on RH 8,
> perl -v
>
> This is perl, v5.8.6 built for i686-linux
>
> How can we make the below errors disappear? Also, what does the
> (unknown) mean in the below log snips?
>
> Apr 11 14:54:49 herbie spamd[16878]: debug: mkdir //.spamassassin
> failed: mkdir //.spamassassin: Permission denied at
> /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin.pm line 1453_
> No such file or directory
> Apr 11 14:54:49 herbie spamd[16878]: debug: open of AWL file failed:
> lock: 16878 cannot create tmp lockfile
> //.spamassassin/auto-whitelist.lock.herbie.raeinternet.com.16878 for
> //.spamassassin/auto-whitelist.lock: No such file or directory
>
> Apr 11 14:54:49 herbie spamd[16878]: logmsg: clean message (-2.8/5.5)
> for (unknown):99 in 2.8 seconds, 2510 bytes.
> Apr 11 14:54:49 herbie spamd[16878]: clean message (-2.8/5.5) for
> (unknown):99 in 2.8 seconds, 2510 bytes.
>
> Apr 11 14:55:38 herbie spamd[16880]: debug: bayes: no dbs present,
> cannot tie DB R/O: //.spamassassin/bayes_toks
>
My guess is you are running spamd as root, and calling spamc as root also.
In this case, for security reasons spamd will revoke privileges to the
user "nobody". It would appear that on your RH8 box, "nobody" has a home
directory of /, which it has no privilege to write to. (which is a good
thing. Nobody is supposed to be a user of no real privilege)
If you're just doing a site-wide setup I'd strongly suggest creating a
"spamd" user, and giving it a home directory that it has RW access to.
Pass this user with the -u parameter to either spamd or spamc. This way
SA will use the spamd user's home directory to store bayes data in, and
will still run as a non-root user.