On 2024-07-12 at 10:51:08 UTC-0400 (Fri, 12 Jul 2024 10:51:08 -0400)
Steve Charmer <stevecharm...@gmail.com>
is rumored to have said:
> I have a cron job running as root, which calls sa-update
> it warns about unsafe ownership
> ----------------------------------------------------
> gpg: WARNING: unsafe ownership on homedir `/var/lib/spamassassin/sa-update-keys'
> Note that this is only a warning, not a failure.
> ----------------------------------------------------
> this is my current ownership
> ls -la /var/lib/spamassassin/sa-update-keys
> total 16
> drwx------ 2 spamd root 4096 Jun 20 2017 .
> drwxr-xr-x 7 spamd spamd 4096 Nov 22 2018 ..
> -rwx------ 1 spamd root 2783 Jun 20 2017 pubring.gpg
> -rwx------ 1 spamd root 0 Jun 20 2017 pubring.gpg~
> -rwx------ 1 spamd root 0 Jun 20 2017 secring.gpg
> -rwx------ 1 spamd root 1200 Jun 20 2017 trustdb.gpg
> ----------------------------------------------------
> I've read that the ownership should be root,

Would reading that advice again help you follow it? :)

Make the owner root.

> so does having the owner = spamd, and the group = root, causing that warning?

I'm betting yes, although I have not tested it. The definitive answer
would come from looking at the gpg documentation, I expect.

> I thought having group = root would fix any ownership issues.

It will not, because gpg wants its keys to be owned by the user running
gpg and no one else. It works with this setup because you're running as
root, but it still knows that those keys belong to someone else.

> I cannot recall now, why I set owner to spamd. maybe spamd could not read the gpg keys when trying an update before?

Why would a program run as root need that?

--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com
addresses)
Not Currently Available For Hire
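
The ownership rule discussed in this message, as an added example that is not part of the original thread: a POSIX shell check that reports whether a gpg homedir is owned by the user who will run gpg and is closed to group and other. The function name `check_gpg_homedir` and its optional uid argument are hypothetical, and the check assumes gpg's homedir test compares the directory owner with the invoking uid and rejects any group/other permission bits.

```shell
#!/bin/sh
# Added example: explain why gpg would consider a homedir unsafe for a given user.
# Assumption: gpg warns when the homedir owner differs from the invoking uid
# ("unsafe ownership") or when group/other have any access ("unsafe permissions").

# check_gpg_homedir DIR [UID]
#   DIR  gpg homedir, e.g. /var/lib/spamassassin/sa-update-keys
#   UID  numeric uid that will run gpg (default: the current user)
# Prints one finding per line.
# Returns 0 if clean, 1 if there are findings, 2 if DIR is not a directory.
check_gpg_homedir() {
    dir=$1
    want_uid=${2:-$(id -u)}
    [ -d "$dir" ] || { echo "not a directory: $dir"; return 2; }

    # "ls -ldn" describes the directory itself with numeric ids:
    #   mode links uid gid size ...
    set -- $(ls -ldn "$dir")
    mode=$1
    owner=$3
    rc=0

    # Group membership does not count: only the owning uid is compared.
    if [ "$owner" != "$want_uid" ]; then
        echo "ownership: $dir is owned by uid $owner, gpg runs as uid $want_uid"
        rc=1
    fi

    # Characters 5-10 of the mode string are the group and other rwx bits.
    go_bits=$(printf '%s' "$mode" | cut -c5-10)
    if [ "$go_bits" != "------" ]; then
        echo "permissions: $dir mode $mode grants group/other access"
        rc=1
    fi

    return $rc
}
```

Run from the same account as the cron job, `check_gpg_homedir /var/lib/spamassassin/sa-update-keys` prints an `ownership:` line for the `spamd root` listing quoted above, and prints nothing once the directory is owned by root.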