On Monday 28 March 2005 15:01, Daryl C. W. O'Shea wrote: >Steve Prior wrote: >> Gene Heskett wrote: >>> The point being that under those conditions, root doesn't have >>> any filtering. So, I located that section of code in >>> /usr/bin/spamd, and commented it out. I believe its now working. >>> Locking root out of using a valuable tool just to try and >>> convince that user not to run as root isn't security IMO, its >>> excessive paranoia. That piece of the code should be wrapped in >>> a config file option, and then forget to document the option >>> maybe. In that case, someone with enough smarts to read the code >>> can figure it out. >>> >>> My converting to run as other than root here would be a virtual >>> wipe it and reinstall of a nearly 70 GB system. Thats not going >>> to happen barring a major hardware failure. And I have good >>> backups so I'd recover rather than reinstall anyway. >> >> Or you could simply put an alias in to redirect roots email to a >> different userid which wouldn't have the "no root" restriction. >> That should be no big >> deal. >> >> Steve > >Gene doesn't even need to do that. Just create another user, such > as 'rootsa' and call spamc with the option '-u rootsa'. Or, if > you'd like a more generic or global SA bayes database/etc, > something like 'spamd' would be appropriate. > >There's no need to open up SA to possible exploits of modules it > depends on (or itself). > I tried a variation on that, makeing a user 'spamd' but then it still didn't have permissions to use or update the filter files. I didn't try making spamd a member of root though. I also tried making all the rules file owned by nobody:nobody but that didn't work either.
What I have done now is letting it work according to the log. And its gradually getting back in synch with the latest viagra peddlers. > >Daryl -- Cheers, Gene "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) 99.34% setiathome rank, not too shabby for a WV hillbilly Yahoo.com and AOL/TW attorneys please note, additions to the above message by Gene Heskett are: Copyright 2005 by Maurice Eugene Heskett, all rights reserved.
