[Gllug] spamassassin help!

Nix nix at esperi.org.uk
Tue Nov 4 00:28:59 UTC 2008


On 1 Nov 2008, Adrian McMenamin uttered the following:
> and this is from /etc/default/spamass-milter
>
> OPTIONS="-u nobody"

Whatever version of SA this is (you never said), this seems very risky
to me. Unless you're storing all your config and all of Bayes in an SQL
database, or you're setting user_dir, this will lead to SA attempting to
drop files in nobody's home directory, and you might end up with files
on the system owned by nobody. Having files owned by nobody is generally
considered to be a security hazard.

Is there some reason why you're not running persistently as an
SA-specific user? The only reason to run SA as root and pass -u is to
have it setuid() to the recipient of each mail when doing filtering: if
you're always changing to the same user, this is pointless.


This is almost certainly the cause of the error you're seeing, too: I
bet, in /etc/passwd, nobody's home directory is given as '/nonexistent'.

-- 
`Not even vi uses vi key bindings for its command line.' --- PdS
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list