> On 20 Dec, 2016, at 16:51, RW <rwmailli...@googlemail.com> wrote:
>
> On Tue, 20 Dec 2016 11:53:43 -0700
> Mike Brown wrote:
>
>> The AS_ROOT option in the mail/spamassassin port is really confusing
>> to me. Given that its description is "Run spamd as root
>> (recommended)", what actually happens is somewhat bonkers:
>>
>> The main spamd process always runs as root. If AS_ROOT is enabled,
>> then the child processes who do all the work will not run as root,
>> but rather as unprivileged user spamd. If AS_ROOT is disabled, then
>> the children *will* run as root, but as needed they will setuid to
>> the user calling spamc.
>> Which setting you want depends on where user prefs and Bayes data is
>> stored. If it's in user-owned ~/.spamassassin directories, then you
>> want AS_ROOT disabled or you'll get a plethora of error messages and
>> lock file warnings relating to permissions, since user spamd can't
>> write where it needs to.
>
> That shouldn't happen as the default (without virtual users) is to
> use /var/spool/spamd, the spamd user's home directory.
>
>> It took me a while to figure this out on a fresh installation. I
>> enabled the option, thinking "yes, of course I want it to run as
>> root, so that it can write to the users' home directories"... then I
>> was confused when it ended up not running as root but rather as user
>> spamd, and the behavior I wanted was only possible if I configured
>> the port to *not* run spamd as root.
>>
>> I guess I am just griping, but I would like to think there is a
>> better way to describe and name the configuration option. Maybe
>> AS_SPAMD_USER with description "Run spamd as unprivileged user
>> (recommended)"?
>
> I never noticed this because (probably like a lot of people) the first
> thing I did was set my own spamd_flags in rc.conf and that overrides
> the effect of AS_ROOT.
>
> I do agree it's confusing. I've CC'ed the maintainer.
Thanks for the Cc, RW. Mike, I completely agree that the wording is terrible.
I think your suggested text ("Run spamd as unprivileged user (recommended)") is
great.
The ports system also has the ability to put more detail into a pkg-help file
that shows up as something like "Press ^E for more info." It sounds like this
would be useful here. It's been a while since I messed around with that option
so would you be interested in writing a slightly more detailed explanation of
the difference?
# Adam
--
Adam Weinberger
ad...@adamw.org
https://www.adamw.org
_______________________________________________
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
