Control: tags -1 + moreinfo Control: severity -1 normal On Fri, Nov 09, 2018 at 08:40:14PM +0100, Sebastian Ramacher wrote: > > | chmod: changing permissions of > > '/var/lib/spamassassin/compiled/5.024/3.004001/auto/Mail/SpamAssassin/CompiledRegexps/body_neg100/body_neg100.so': > > Operation not permitted > > | dpkg: error processing package sa-compile (--configure): > > | subprocess installed post-installation script returned error exit status > > 1 > > | Errors were encountered while processing: > > | sa-compile > > This file is owned by root:root. After moving it away, installation succeeded. > > The failing line of the postinst script is: > > # Fixup perms -- group and other should be able to > # read and execute, but never write. Works around > # sa-compile's failure to obey umask. > runuser -u debian-spamd -- \ > chmod -R go-w,go+rX /var/lib/spamassassin/compiled
The file in question would have been generated with sa-compile. However,
sa-compile has been run as the debian-spamd user for a long time (at
least as far back as wheezy). The cron.daily script uses the following
invocation:
env -i LANG="$LANG" PATH="$PATH" start-stop-daemon \
--chuid debian-spamd:debian-spamd --start \
--exec /usr/bin/sa-compile -- --quiet
So if there were any root-owned files in the compiled output, I don't
see how they could have been put there by the package.
It's possible that sa-compile had, at some point, been manually executed
as root, in which case this is #721648. If you're able to provide any
more info about where that file could have come from or whether
sa-compile had ever run as root on this system, that could help to more
clearly identify what happened.
noah
signature.asc
Description: PGP signature
