On Fri, 17 Jun 2016 14:07:33 +0100 Sebastian Arcus wrote:
> > > >> Site-wide bayes files are owned > >> by spamd. Regarding the daemon, it is started with > >> --socketowner=spamd and socketpath=spamd. Is this enough, or > >> should it be actually started with "su" as "spamd" user? If you start it as root with the -u spamd (or --username) it will drop privileges to spamd. Starting it as root allows it to bind to a low port should you need that. > > "socketpath=spamd" sounds idiotic, hpwever for a site-wide setup > > there is no point in start it as root instead directly as the > > correct user, see below, can#t say anything about "su" in service > > files since i don't touch sysvinit for 5 years now > > That is probably so - I've taken another look at my startup scripts, > and I have to say it feels like I've been tying myself in knots with > --socketowner and --socketgroup and --username. I was thinking that > for my setup using: > > --username=spamd --socketownder=exim --socketgroup=exim > > might be the most suitable. Is it better to run it instead with > > --socketmode=666 You should use -u,--username unless you need to access per user data from unix home directories. You need this even if you start directly as spamd. > and not bother with setting owner and group for the socket? Is there any particular reason for even using a socket file?
