On Thursday 18 December 2008, Kai Schaetzl wrote:
>Gene Heskett wrote on Thu, 18 Dec 2008 15:13:28 -0500:
>> Following the above tut, step 2 fails as root owns the /etc/mail tree, and
>> the user running SA has no perms. What should the owner/group actually be
>> for that? I changed it to $user:mail and that seemed to fix it.
>
>I assume your are not using sendmail then?
Yes, AFAIK I am.
>As you import this key only once I'd rather do that step as root. Then
> requires root for changing it as well - which I think is good.
>
>> Now however, I find other spamassassin trees (like /usr/share/spamassassin
>> where all these .cf files live) are also owned by root, can I just chown
>> them to that user:mail too?
>
>sa-update does not write to this directory, so you can ignore that. But you
> will see problems with writing to /var/lib/spamassassin I suppose. I'm
> running sa- update as root, don't know what others are doing.
All well and good I presume, but that is also conflicting advice re security.
I do ALL my mail fetching and spamassassin stuff as an unpriviledged user
clear up to dumping it into a mailfile in /var/mail/$user.
Then as root, I suck that $user file into kmail and sort it to the appropriate
folders. Which is why, when I do an sa-learn session, I first pickup the
stuff I as root have dropped in the spam directory, copy it to that users
scratchpad, chown it to that user, run sa-learn against that, so that there
are no clashes in ownership. Once sa-learn is finished with it, it gets
nuked till the next days crontab launched repeat.
You mentioned /var/lib/spamassassin. It is currently owned by root and empty.
Maybe that explains why I feed this viagra crap 20 x a day to sa-learn and it
doesn't seem to? What should I do to populate that if its needed after I
chown it to $user:mail?
Thanks Kai.
--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Operative: "Do you know what your sin is?"
--"Serenity"
