On Fri, 8 Jul 2011 16:41:36 +0000, Kārlis Repsons wrote:
All,
I'd like you to review approximately how I'm running spamd. My concern
is security. You can see that the child processes are run by spamd user,
but the main process is still run by root:
ps -C spamd -o user,cmd
USER CMD
root /usr/sbin/spamd -d -r /var/run/spamd.pid -m 2 -u spamd --nouser-config --helper-home-dir=/sysram/spamassassin --allow-tell
spamd spamd child
spamd spamd child
How secure is that (no I didn't make any crazed chroots or so) and what
would you suggest to isolate spamd from possible outside intrusions?
Thanks...
1: root is needed to bind any ports below 1024
2: but the root user does no threads for spamd
same goes for e.g. apache, maybe I should stop it ? -)
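
An added example, not part of either message: a shell check over `ps -o user,cmd` output that confirms the layout discussed above, a master that names an unprivileged `-u` account and children that all run as that account. The function name `audit_spamd_ps` and both samples are assumptions made here; the first sample is the listing from the question with the wrapped line rejoined, the second is constructed.

```shell
#!/bin/sh
# Usage on a live host: ps -C spamd -o user,cmd | audit_spamd_ps
# Prints one finding per line; returns 0 only if the privilege drop holds.
audit_spamd_ps() {
    awk '
    NR == 1 && $1 == "USER" { next }             # skip the ps header
    $2 ~ /(^|\/)spamd$/ && $3 != "child" {       # master: executable plus options
        master = $1
        for (i = 3; i <= NF; i++) {
            if ($i == "-u" || $i == "--username") want = $(i + 1)
            else if ($i ~ /^--username=/) want = substr($i, 12)
        }
        next
    }
    $2 == "spamd" && $3 == "child" { kids++; seen[$1]++ }
    END {
        if (master == "") { print "FAIL no spamd master process in input"; exit 1 }
        bad = 0
        if (want == "" || want == "root") {
            print "FAIL master (" master ") names no unprivileged -u account"; bad = 1
        } else print "OK   master (" master ") hands workers to -u " want
        if (kids == 0) { print "FAIL no spamd child listed, nothing to verify"; bad = 1 }
        for (u in seen) {
            if (u == "root" || u != want) {
                print "FAIL " seen[u] " child(ren) run as " u; bad = 1
            } else print "OK   " seen[u] " child(ren) run as " u
        }
        exit bad
    }'
}

# Listing from the question (master command line rejoined onto one line).
sample_page() {
    cat <<'EOF'
USER CMD
root /usr/sbin/spamd -d -r /var/run/spamd.pid -m 2 -u spamd --nouser-config --helper-home-dir=/sysram/spamassassin --allow-tell
spamd spamd child
spamd spamd child
EOF
}

# Constructed counter-example: no -u option and the children run as root.
sample_no_drop() {
    printf '%s\n' 'USER CMD' 'root /usr/sbin/spamd -d -m 2' \
        'root spamd child' 'root spamd child'
}

sample_page | audit_spamd_ps
```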