On 14/12/2018 12:35, Christian Weiske wrote:
When spamassassin is running in daemon mode (spamd) as root,
the default behaviour is to setuid to the user running spamc. This
lets spamd to load and examine the per-user configuration files as
the user. So by default, the effective UID is sent to spamd from
spamc.
This is only necessary when you have a 1:1 mapping between email
recipients and users on the system, and not at all useful when there is
a virtual user setup via database or MySQL.
Even if you are in a non-virtual setup, the question is if users really
use their own configuration files for spamassassin, or if they rather
rely on the admin to configure SA correctly.
This. exim connects to spamd at SMTP time, when there might be several local
recipients, so there is no single local user to run spamd as. And I don't
expect each of my users to set up their own spamassassin configuration.
If the main usage scenario of spamassassin on debian installations is
virtual user databases, then the default could be changed to let spamd
run the children as debian-spamd.
----
I adjusted /etc/default/spamassassin and ajusted OPTIONS:
OPTIONS="--username=debian-spamd --group debian-spamd ..."
I have always added "-u debian-spamd" to all my spamassassin installations,
and now I'm wondering if I need to add --group too, but it appears to be
unnecessary.
Regards,
Roger
