Bob, the chown fixed the problem.
Reindl, your answer seems to be describing a very different installation from
'sudo apt install spamassassin’. Am I correctly understanding the changes you
are recommending?
> On May 14, 2016, at 11:31 AM, Reindl Harald <h.rei...@thelounge.net> wrote:
>
>
>
> Am 14.05.2016 um 20:09 schrieb Bob Proulx:
>> I see start-stop-daemon and so assume you are running either Debian or
>> Ubuntu where the process runs as a non-root user. As can be seen the
>> --chuid debian-spamd:debian-spamd option runs the process as a
>> non-root user. But very commonly people manually run the download as
>> root which then creates /var/lib/spamassassin as root. Once that
>> happens the non-root debian-spamd is locked out.
>>
>> To restore permissions:
>>
>> chown -R debian-spamd:debian-spamd /var/lib/spamassassin
>>
>> And in the future avoid running it as root manually. With great power
>> comes great responsibility. :-)
>
> you have the same problem on Fedora if your umask is sane
>
> the real fix would be make sure that folders / files have chmod 755/644
> because you *do not* want run "sa-update" as the same user the daemon runs
> and so have write-permissions for the daemon
>
> a real clean and secuer setup needs a own user, in our case "sa-cleanup"
> which is also the only one with write permissions to bayes-samples and the
> spamd-service making sure permissions are sane so that the user spamd is
> uisng has read permissions
> _______________________________
>
> spamassassin.service
>
> PermissionsStartOnly=true
> User=sa-milt
> Group=sa-milt
> ExecStartPre=/usr/bin/chown -R sa-cleanup:root /var/lib/spamassassin/
> ExecStartPre=/usr/bin/find /var/lib/spamassassin/ -type d -exec /bin/chmod
> 0755 "{}" \;
> ExecStartPre=/usr/bin/find /var/lib/spamassassin/ -type f -exec /bin/chmod
> 0644 "{}" \;
> _______________________________
>
> [root@mail-gw:~]$ systemctl status sa-update.service
> ? sa-update.service - Spamassassin Rules Update
> Loaded: loaded (/usr/lib/systemd/system/sa-update.service; static; vendor
> preset: disabled)
> Drop-In: /etc/systemd/system/sa-update.service.d
> ??update-user.conf
> Active: inactive (dead) since Sa 2016-05-14 01:58:47 CEST; 18h ago
> Docs: man:sa-update(1)
> Main PID: 9728 (code=exited, status=0/SUCCESS)
> _______________________________
>
> [root@mail-gw:~]$ cat /etc/systemd/system/sa-update.service.d/update-user.conf
> [Service]
> User=sa-cleanup
> Group=sa-milt
> [root@mail-gw:
>
