On Friday 8 July 2011 19:00, Andrzej Adam Filip wrote:
> Kārlis Repsons <karlis.reps...@gmail.com> wrote:
> > All,
> > I'd like you to review approximately how I'm running spamd. My concern
> > is security. You can see that the child processes are run by spamd user,
> > but the main process is still run by root:
> >
> > ps -C spamd -o user,cmd
> > USER CMD
> > root /usr/sbin/spamd -d -r /var/run/spamd.pid -m 2 -u spamd
> > --nouser-config --helper-home-dir=/sysram/spamassassin --allow-tell spamd
> > spamd child
> > spamd spamd child
> >
> > How secure is that (no I didn't make any crazed chroots or so) and what
> > would you suggest to isolate spamd from possible outside intrusions?
> > Thanks...
>
> Do you need spamd changing OS user ids? (e.g. to access ~/.spamassassin/ )
>
> I have used "personal" [single (non root) OS user] spamd without any
> problems.

e.g. in my system folder .spamassassin is owned by group users

r13151 ~]# ls -al /home/fakessh/.spamassassin/
total 44
drwx------  2 fakessh users  4096 jui 6 20:31 .
drwxr-xr-x 19 fakessh users  4096 jui 6 01:38 ..
-rw-------  1 fakessh users 12288 jui 6 00:17 auto-whitelist
-rw-------  1 fakessh users 12288 jui 6 00:16 bayes_seen
-rw-------  1 fakessh users 12288 jui 6 20:31 bayes_toks
-rw-------  1 fakessh users  1869 jui 5 23:54 user_prefs

--
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
gpg --keyserver pgp.mit.edu --recv-key 092164A7