David Krause writes: > * Antoine Jacoutot <[EMAIL PROTECTED]> [061024 09:57]: >> Selon Andreas V?gele <[EMAIL PROTECTED]>: >> > We might also use /var/spamassassin instead of /var/db/spamassassin >> > for the updated rules that sa-update downloads. >> >> Indeed. >> New diff attached. >> >> What do you all think? > > Should the _spamdaemon user be able to the write to the updated rules > directory?
The updated rules are put into a subdirectory by sa-update, e.g. /var/db/spamassassin/3.001007. The _spamdaemon user doesn't need write access to that directory, only read access. In the current setup sa-update must be run by root, which is a bad idea anyway. We could add another user, e.g. _saupdate, that may be used to call sa-update, and change the owner of /var/db/spamassassin to that user.
