On Tue, 20 Dec 2016 11:53:43 -0700 Mike Brown wrote: > The AS_ROOT option in the mail/spamassassin port is really confusing > to me. Given that its description is "Run spamd as root > (recommended)", what actually happens is somewhat bonkers: > > The main spamd process always runs as root. If AS_ROOT is enabled, > then the child processes who do all the work will not run as root, > but rather as unprivileged user spamd. If AS_ROOT is disabled, then > the children *will* run as root, but as needed they will setuid to > the user calling spamc. > Which setting you want depends on where user prefs and Bayes data is > stored. If it's in user-owned ~/.spamassassin directories, then you > want AS_ROOT disabled or you'll get a plethora of error messages and > lock file warnings relating to permissions, since user spamd can't > write where it needs to.
That shouldn't happen as the default (without virtual users) is to use /var/spool/spamd, the spamd user's home directory. > It took me a while to figure this out on a fresh installation. I > enabled the option, thinking "yes, of course I want it to run as > root, so that it can write to the users' home directories"... then I > was confused when it ended up not running as root but rather as user > spamd, and the behavior I wanted was only possible if I configured > the port to *not* run spamd as root. > > I guess I am just griping, but I would like to think there is a > better way to describe and name the configuration option. Maybe > AS_SPAMD_USER with description "Run spamd as unprivileged user > (recommended)"? I never noticed this because (probably like a lot of people) the first thing I did was set my own spamd_flags in rc.conf and that overrides the effect of AS_ROOT. I do agree it's confusing. I've CC'ed the maintainer. _______________________________________________ freebsd-ports@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
