I think the solution, is this: Modify /etc/cron.daily/spamassassin to reset the permissions - just before the sleep stanza.
It is a simple task: chown -R debian-spamd:debian-spamd /var/lib/spamassassin; ...and that's it. People can now run sa-update as root, && "invoke-rc.d spamassassin" if they wish - and it will work as expected. And that evening, the cronjob will quietly reset the ownership:permissions to what they should be (on debian), and run everything without error. ...how does this not fulfill each case? -- Mark -- Syminet Internetworking Solutions https://secure.syminet.com/ 1-949-379-8472 ext. 8049 GPG: 2048R/966057BB On Mar 19, 2015, at 10:33 PM, Bob Proulx <b...@proulx.com> wrote: > Bob Proulx wrote: >> Mark - Syminet wrote: >>> Fixed with the following commands: >>> >>> chown -R debian-spamd:debian-spamd /etc/spamassassin /var/lib/spamassassin >> >> Yes. > > Actually no. I neglected to see the /etc/spamassassin in there. > Don't do that. That's bad. Those files should be owned by root. The > sa-update process should not be able to write to them. > > chown -R root:root /etc/spamassassin > > Sorry for fumbling that part of my response. > > Bob
signature.asc
Description: Message signed with OpenPGP using GPGMail
