Hi All,
I changed the subject line to hopefully get some insight from a wider
audience regarding this situation that Reindl uncovered:
It started here:
It appears that it IS running as root?! OR maybe as "sa-milt" ... As
root I got this:
# ps auxwww | grep spamd
root 100805 0.0 0.3 158208 121164 ? Ss 00:37 0:05
/usr/bin/perl -T -w /usr/bin/spamd -c -m5 -H
--razor-home-dir=/var/lib/razor/ --razor-log-file=sys-syslog
Reindl replied:
give common sense a few seconds: do you REALLY want to process mails
containing junk and malware with root privileges?
And went on to share that his Fedora 37 runs as sa-milt.
There IS an sa-milt entry in /etc/passwd, so...
I just took a few minutes to confirm that the DEFAULT installation on
Fedora Server 38 runs spamd as root - at least, that's sure my take from
this:
# ps -auxwww | grep spam
root 192531 2.3 4.0 158360 146936 ? Ss 08:53 0:01
/usr/bin/perl -T -w /usr/bin/spamd -c -m5 -H --razor-home-dir=/var/lib/razor/
--razor-log-file=sys-syslog
root 192535 0.0 3.7 158360 137488 ? S 08:53 0:00 spamd child
root 192536 0.0 3.7 158360 137616 ? S 08:53 0:00 spamd child
...GIVEN that this is the DEFAULT on this distribution - a very popular
distribution - I'm ... speachless since, as Reindl points out, processing
unknown inbound email is NOT a great place to hav a process running as
root!
THEREFORE: Can anyone give me the quick path to changing this to running
as sa-milt, as his system does?
Changing the file ownerships is trivial, and I know from doing some
packaging for Fedora systems that there's a spot to give the user (and
group) IDs programs are supposed to be run under in sysconfig. A quick
look shows there are three for Spam Assassin on my system:
/etc/sysconfig/spamassassin
/etc/sysconfig/spamass-milter
/etc/sysconfig/spamass-milter-postfix
Before I make changes and possibly screw things up; any advice?
Thanks!
Richard
