On Friday 08 July 2011 16:54:22 Benny Pedersen wrote:
> On Fri, 8 Jul 2011 16:41:36 +0000, Kārlis Repsons wrote:
> > All,
> > I'd like you to review approximately how I'm running spamd. My concern
> > is security. You can see that the child processes are run by spamd user,
> > but the main process is still run by root:
> >
> > ps -C spamd -o user,cmd
> > USER CMD
> > root /usr/sbin/spamd -d -r /var/run/spamd.pid -m 2 -u spamd --nouser-config --helper-home-dir=/sysram/spamassassin --allow-tell
> > spamd spamd child
> > spamd spamd child
> >
> > How secure is that (no I didn't make any crazed chroots or so) and what
> > would you suggest to isolate spamd from possible outside intrusions?
> > Thanks...
>
> 1: root is needed for any bind ports below 1024
>
> 2: but the root user does no threads for spamd
>
> same goes for e.g. apache, maybe I should stop it ? -)

Stop what?
I tried with --port=2580, but still one root process. But you meant it's not worth worrying about?

On Friday 08 July 2011 17:00:50 Andrzej Adam Filip wrote:
> Do you need spamd changing OS user ids? (e.g. to access ~/.spamassassin/ )

No, I don't!