You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Pezhman Lali <pe...@yahoo.com> on 2006/07/05 18:37:53 UTC
spamd permision denied for non root user
hi
before it, I used this comand to run spamassassin, with root permision.
#spamd -u mail -d
now, spamd must be ran from local web page, (httpd ran as nobody)
so spamd can not run, because of this error:
[21152] error: spamd: could not create INET socket on 127.0.0.1:784: Permission denied
spamd: could not create INET socket on 127.0.0.1:784: Permission denied
let me know how i can run spamd -u mail , with non root user?
Best
thanks for your reply and help
Pezhman
---------------------------------
Yahoo! Music Unlimited - Access over 1 million songs.Try it free.
Re: spamd permision denied for non root user
Posted by "John D. Hardin" <jh...@impsec.org>.
On Wed, 5 Jul 2006, Pezhman Lali wrote:
> [25489] dbg: spamd: initial attempt to change real uid failed, trying BSD workaround
> [25489] error: spamd: setuid to uid 200 failed
> spamd: setuid to uid 200 failed
Non-root users cannot change the user-id on a running process. Take a
look at the parts of your config file that talk about which user to
run spamd as, and try setting them to the user that is actually
running the programs (e.g. you).
Having the daemon change to another user is a security feature
intended to not expose root-level permissions through any bugs in the
program. If you're not running as root you already have a lower level
of permissions, so there's little point to changing the userid.
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
What nuts do with guns is terrible, certainly. But what evil or crazy
people do with *anything* is not a valid argument for banning that item.
-- John C. Randolph <jc...@idiom.com>
-----------------------------------------------------------------------
Re: spamd permision denied for non root user
Posted by Pezhman Lali <pe...@yahoo.com>.
Dear John
Thanks for your great help.
sorry because of my linux weakness.
now , there is another problem:
all of things are good till, spamassassin wants to build a child , and non end loop:
spamd: setuid to uid 200 failed
[25233] info: spamd: server successfully spawned child process, pid 25488
[25233] dbg: prefork: child 25488: entering state 0
[25233] dbg: prefork: new lowest idle kid: none
[25233] dbg: prefork: child closed connection
[25233] info: prefork: child states: SS
[25233] dbg: prefork: adjust: increasing, not enough idle children (0 < 1)
[25233] info: spamd: server successfully spawned child process, pid 25489
[25489] dbg: spamd: initial attempt to change real uid failed, trying BSD workaround
[25489] error: spamd: setuid to uid 200 failed
spamd: setuid to uid 200 failed
where is the problem?
thanks
Pezhman
"John D. Hardin" <jh...@impsec.org> wrote:
On Wed, 5 Jul 2006, Pezhman Lali wrote:
> before it, I used this comand to run spamassassin, with root permision.
> #spamd -u mail -d
>
> now, spamd must be ran from local web page, (httpd ran as nobody)
> so spamd can not run, because of this error:
> [21152] error: spamd: could not create INET socket on 127.0.0.1:784: Permission denied
> spamd: could not create INET socket on 127.0.0.1:784: Permission denied
>
> let me know how i can run spamd -u mail , with non root user?
Edit your spamd and spamc configs to use a port number > 1024 (for
example, 7840). Only root can listen on port numbers < 1024.
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Look at the people at the top of both efforts. Linus Torvalds is a
university graduate with a CS degree. Bill Gates is a university
dropout who bragged about dumpster-diving and using other peoples'
garbage code as the basis for his code. Maybe that has something to
do with the difference in quality/security between Linux and
Windows. -- anytwofiveelevenis on Y! SCOX
----------------------------------------------------------------------
---------------------------------
Do you Yahoo!?
Everyone is raving about the all-new Yahoo! Mail Beta.
---------------------------------
Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. Great rates starting at 1ยข/min.
Re: spamd permision denied for non root user
Posted by "John D. Hardin" <jh...@impsec.org>.
On Wed, 5 Jul 2006, Pezhman Lali wrote:
> before it, I used this comand to run spamassassin, with root permision.
> #spamd -u mail -d
>
> now, spamd must be ran from local web page, (httpd ran as nobody)
> so spamd can not run, because of this error:
> [21152] error: spamd: could not create INET socket on 127.0.0.1:784: Permission denied
> spamd: could not create INET socket on 127.0.0.1:784: Permission denied
>
> let me know how i can run spamd -u mail , with non root user?
Edit your spamd and spamc configs to use a port number > 1024 (for
example, 7840). Only root can listen on port numbers < 1024.
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Look at the people at the top of both efforts. Linus Torvalds is a
university graduate with a CS degree. Bill Gates is a university
dropout who bragged about dumpster-diving and using other peoples'
garbage code as the basis for his code. Maybe that has something to
do with the difference in quality/security between Linux and
Windows. -- anytwofiveelevenis on Y! SCOX
----------------------------------------------------------------------