Sorry for bringing up this topic again. It was previously discussed in 2006: http://markmail.org/message/76w27on2gf44262g
I still don't see an established reason why spamassassin should tamper with shadow. From 2006: "Doesn't do anything other to see if their is a matching entry in both /etc/passwd and /etc/shadow and it checks to see if the user is still able to log in." For a matching entry /etc/passwd is enough. And what if the user cannot login? Even sa-learn tries to read shadow. If I'm running it, I'm running it. Aren't I? Would it be possible to disable shadow checks using an option? I don't like programs running UID 0 being able to read /etc/shadow. Only if it's reasonable. I just want to shorten my RBAC denial logs - by getting rid of unnecessary system activities. Regards, Dw. -- dr Tóth Attila, Radiológus, 06-20-825-8057, 06-30-5962-962 Attila Toth MD, Radiologist, +36-20-825-8057, +36-30-5962-962
