On Friday 03 July 2009, Matt Kettler wrote:
>Gene Heskett wrote:
>> Greetings all;
>>
>> I _thought_ I had sa-update running ok, but it seemed that the
>> effectiveness was stagnant, so I found the cron entry that was running
>> sa-update & discovered a syntax error there, which when I fixed it,
>> disclosed that I had all sorts of perms problems that I don't seem to be
>> able to fix readily.
>>
>> sa-update is being run as the user saupdate, which is a member of the
>> group mail.  I have made the whole /var/lib/spamassassin/keys tree an
>> saupdate:mail, with very limited rights as in:
>> drw------- 2 saupdate mail     4096 2008-12-19 16:05 keys
>>
>> But sa-update appears not to have perms to access or create gpg keys
>> there.
>> --------------------------
>> [r...@coyote init.d]# su saupdate -c "/usr/bin/sa-update --gpghomedir
>> /var/lib/spamassassin/keys"
>> gpg: failed to create temporary file
>> `/var/lib/spamassassin/keys/.#lk0xb9bfb8a8.coyote.coyote.den.8955':
>> Permission denied
>> --------------------------
>> What do I need to open that up to?
>>
>> Thanks.
>
>In order to be able to create files, you need the X permission on a
>directory.

Ok, I'll fix that, thanks.

>That said, why give the saupdate user the ability to add keys at all?
>Import them as root and only give the saupdate user read access.

Basically, since I run myself as root, I was trying to reduce the exposure.
All the rest of the routine mail handling here is by unprivileged users.  And 
it is all behind a dd-wrt firewall with NAT.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
<https://www.nrahq.org/nrabonus/accept-membership.asp>

Accuracy, n.:
        The vice of being right
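
Added example, not part of the original thread: a small shell helper that decodes what a directory mode allows each permission class to do, applied to the `drw-------` (600) mode shown above and to a root-owned, group-readable layout like the one suggested in the reply. The function names and the sample modes 700 and 750 are assumptions for illustration; `report_dir` assumes GNU coreutils `stat`.

```shell
#!/bin/sh
# Added example: decode directory permission bits per class.
# On a directory: r = list names, w = add/remove entries, x = search
# (open or create anything inside). Without x, r and w are of no use
# for file creation, which is why mode 600 fails for a gpg home dir.

# dir_access MODE owner|group|other
#   MODE is octal, e.g. 600 or 0750. Prints one of:
#   no-search, create, read-only, traverse-only
dir_access() {
    bits=$(( 0$1 ))                      # leading 0 forces octal parsing
    case $2 in
        owner) shift_by=6 ;;
        group) shift_by=3 ;;
        other) shift_by=0 ;;
        *) echo "usage: dir_access MODE owner|group|other" >&2; return 2 ;;
    esac
    tri=$(( (bits >> shift_by) & 7 ))    # the rwx triplet for that class
    if [ $(( tri & 1 )) -eq 0 ]; then
        echo no-search                   # no x: cannot open or create files
    elif [ $(( tri & 2 )) -ne 0 ]; then
        echo create                      # w+x: can create and delete files
    elif [ $(( tri & 4 )) -ne 0 ]; then
        echo read-only                   # r+x: can list and open, not create
    else
        echo traverse-only               # x only: can open known names
    fi
}

# report_dir DIR
#   Prints one line per class for an existing directory (GNU stat assumed).
report_dir() {
    mode=$(stat -c '%a' "$1") || return 1
    for class in owner group other; do
        printf '%s mode=%s %s=%s\n' "$1" "$mode" "$class" \
            "$(dir_access "$mode" "$class")"
    done
}

# Mode from the thread (drw------- = 600), then two constructed comparisons.
dir_access 600 owner    # the keys directory as posted
dir_access 700 owner    # same directory with x added for the owner
dir_access 750 group    # root-owned dir, group member limited to reading
```
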
