setuid fails with SQL user prefs

[david hardy <da...@planetmind.net>]

Just upgraded our mailserver (~400 users) to ubuntu 12.04 using  
sendmail/procmail/spamassasin with SA userprefs from MySQL database.  
We had been using Bayes with db stored in user's home DIR with no  
problems previously, but it's failing now.

with spamd invoked with "-Q -H -u nobody -x --max-children 5"

I get

  spamd: spamd: fatal error: setuid to [user] (748) failed at  
/usr/sbin/spamd line 2375, <GEN22> line 2

with -q instead of -Q if get

  plugin: eval failed: bayes: (in learn) locker: safe_lock: cannot  
create tmp lockfile /nonexistent/.spamassassin/bayes.lock.24057 for  
/nonexistent/.spamassassin/bayes.lock: No such file or directory

It's pretty obvious that spamd is unable to setuid to the mail user,  
but why? I do notice that the package "perl-suid" has been removed  
from ubuntu.

SpamAssassin Server version 3.3.2
   running on Perl 5.14.2

procmailrc:

# filter using spamassassin
DROPPRIVS=yes
:0fw: spamassassin.lock
* < 500000
| spamc

Any help would be much appreciated. I have scoured google to no avail.

David

Re: setuid fails with SQL user prefs

[david hardy <da...@planetmind.net>]

Quoting Benny Pedersen <me...@junc.eu>:

>> with spamd invoked with "-Q -H -u nobody -x --max-children 5"
>
> spamd should not use -u, spamc should
>
> the error is that nobody cant change uid :)

Thank you! that was it, makes perfect sense.

David

Re: setuid fails with SQL user prefs

[Benny Pedersen <me...@junc.eu>]

david hardy skrev den 2013-11-05 18:29:

> with spamd invoked with "-Q -H -u nobody -x --max-children 5"

spamd should not use -u, spamc should

the error is that nobody cant change uid :)

spamd does not run as root anyway, it just keep one process rooted to 
get uid change working, the spamd scan engine is depricated to not use 
root, hopefully i am right since i do not yet use spamd but spampd