Re: [sa-list] Re: spamd children run as root (again)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 all this info is useful on the bug, not on this side discussion. - --j. Craig McLean writes: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > FWIW I *don't* see this issue on FBSD 5.2.1 running SA 3.0.4 with perl 5.6.1 > > Craig. > > Justin Mason wrote: > > > > ah, good to hear -- although it would have been nice to have had that > noted on bug 3900, which was still listed as "awaiting confirmation"... > > > > --j. > > > > Charles Sprickman writes: > > > >>>I've seen this problem as well, even in the latest "ports" version. > Still > >>>runs as root. If I apply the attached patch (obtained from one of the > bugzilla entries), it works properly. Running FBSD 4.11 w/perl 5.6.2 > (5.8.7 had the same problem, I backed out of 5.8 since it chewed up > more > >>>memory than I was comfortable with). > >>>Charles > >>>On Mon, 8 Aug 2005, Dan Mahoney, System Admin wrote: > On Tue, 26 Apr 2005, Justin Mason wrote: > >It's specifically a problem with perl on *BSD platforms -- there's a > bug open about it, but it's stalled because we don't have any > developers with BSD machines ;) > Anyone want a test machine where this is occurring? Where it DIDN'T > occur > before under 3.0.3? Contact me offlist. > I've had a bugzilla report sitting in "NEW" status for over a month > now, I > think. I flagged it as "security" because I a) thought maybe there > was some > priority to that and b) actually believe it to be, but nobody has done > > anything with it. > http://bugzilla.spamassassin.org/show_bug.cgi?idD98 > -Dan > >at least on some platforms (MacOS X) it appears perl's setuid support > substantially does not work. > >--j. > >Brandon Kuczenski writes: > >>I've seen this question posted a couple times in the mailing list > archives > >>(from October 2004) but no resolution. The question again: > >>I'm running SpamAssassin 3.0.2 on FreeBSD 4.10 in spamc/spamd format > with > >>the '-u spamd' flag. 
Problem is, all the child processes are > running as > >>root: > >>$ ps aux | grep spam > >>root 333 0.0 10.1 27636 25932 ?? I11Apr05 1:03.83 > spamd > >>child (perl) > >>root 332 0.0 10.5 29020 27032 ?? I11Apr05 1:07.96 > spamd > >>child (perl) > >>root 331 0.0 9.7 26544 24852 ?? I11Apr05 0:52.68 > spamd > >>child (perl) > >>root 330 0.0 9.9 27152 25524 ?? I11Apr05 1:04.40 > spamd > >>child (perl) > >>root 329 0.0 9.8 26864 25116 ?? I11Apr05 0:58.08 > spamd > >>child (perl) > >>spamd 294 0.0 7.1 22392 18220 ?? Is 11Apr05 0:01.61 > /usr/local/bin/spamd -d -c -u spamd -H /home/spamd -r > /var/run/spamd.pid > >>(perl) > >>$ > >>Is this intended or is it a bug? The two threads I've seen that > pertain > >>to it (both dating from Oct04) are left unresolved: > >>http://thread.gmane.org/gmane.mail.spam.spamassassin.general/57900 > http://thread.gmane.org/gmane.mail.spam.spamassassin.general/58087 > The practical consequence of this (aside from the unorthodoxy -- > undesired > >>processes owned by root) is that the permissions of my > >>~user/.spamassassin/bayes_journal file get changed to root:spamd > 0660. > >>I wanted them to be spamd:user 0660, so that the user can run > sa-learn without asking for root's help. Is that not the 'right > way' to > >>do things? > >>Has there been a resolution to this question? If not, .. doesn't > everybody have this problem? Or is it not a problem? If not, why > not? > >>-Brandon > > Output from gpg > 298BC7D0 > gpg: There is no indication that the signature belongs to > the > >owner. > 298B C7D0 > -- > "Don't try to out-wierd me. I get stranger things than you free with > my > breakfast cereal." 
> -Button seen at I-CON XVII (and subsequently purchased) > Dan Mahoney > Techie, Sysadmin, WebGeek > Gushi on efnet/undernet IRC > ICQ: 13735144 AIM: LarpGM > Site: http://www.gushi.org > --- > >>>Content-Disposition: attachment; filename="spamd-euid.patch"
RE: [sa-list] Re: spamd children run as root (again)
I've been running spamc and spamd (3.0.4) on FreeBSD 4.10 with Perl 5.8.5 for quite a while, but using the -u vmail flag doesn't cause any problems. vmail 15329 0.0 2.9 59052 30300 ?? INsJ 5:55AM 0:03.05 /usr/local/bin/spamd -x -d -m 2 -r /var/run/spamd/spamd.pid -u vmail --socketpath=/tmp/spamd.sock -H /usr/local/mail/.spamassassin vmail 15355 0.0 5.9 64984 61072 ?? INJ 5:55AM 1:39.07 spamd child (perl5.8.5) vmail 15356 0.0 6.0 67352 63096 ?? INJ 5:55AM 0:24.58 spamd child (perl5.8.5) However, it does behave odd when using sa-learn. Sometimes (but only sometimes), it will change the owner of one of the bayes_ files or bayes.mutex to root. :-? Sander Holthaus Dan Mahoney, System Admin wrote: > On Tue, 9 Aug 2005, Craig McLean wrote: > > I applied the patch, and it fixed things on my end. I noted > in my PR that it was also odd to me that before, the children > showed in ps as "perl" and afterwards as "perl5.8.6" or something > very similar. > >> FWIW I *don't* see this issue on FBSD 5.2.1 running SA 3.0.4 with >> perl >> 5.6.1 >> >> Craig. >> >> Justin Mason wrote: >>> >>> ah, good to hear -- although it would have been nice to > have had that >> noted on bug 3900, which was still listed as "awaiting >> confirmation"... >>> >>> --j. >>> >>> Charles Sprickman writes: >>> > I've seen this problem as well, even in the latest "ports" > version. Still runs as root. If I apply the attached patch > (obtained from one of the >> bugzilla entries), it works properly. Running FBSD 4.11 w/perl 5.6.2 >> (5.8.7 had the same problem, I backed out of 5.8 since it chewed up >> more > memory than I was comfortable with). > Charles > On Mon, 8 Aug 2005, Dan Mahoney, System Admin wrote: >> On Tue, 26 Apr 2005, Justin Mason wrote: >>> It's specifically a problem with perl on *BSD platforms -- >>> there's a >> bug open about it, but it's stalled because we don't have any >> developers with BSD machines ;) >> Anyone want a test machine where this is occurring? 
Where it >> DIDN'T >> occur >> before under 3.0.3? Contact me offlist. >> I've had a bugzilla report sitting in "NEW" status for over a >> month >> now, I >> think. I flagged it as "security" because I a) thought maybe >> there >> was some >> priority to that and b) actually believe it to be, but nobody has >> done >> >> anything with it. >> http://bugzilla.spamassassin.org/show_bug.cgi?idD98 >> -Dan >>> at least on some platforms (MacOS X) it appears perl's setuid >>> support >> substantially does not work. >>> --j. >>> Brandon Kuczenski writes: I've seen this question posted a couple times in the mailing list >> archives (from October 2004) but no resolution. The question again: I'm running SpamAssassin 3.0.2 on FreeBSD 4.10 in spamc/spamd format >> with the '-u spamd' flag. Problem is, all the child processes are running as root: $ ps aux | grep spam root 333 0.0 10.1 27636 25932 ?? I11Apr05 1:03.83 spamd child (perl) root 332 0.0 10.5 29020 27032 ?? I11Apr05 1:07.96 spamd child (perl) root 331 0.0 9.7 26544 24852 ?? I11Apr05 0:52.68 spamd child (perl) root 330 0.0 9.9 27152 25524 ?? I11Apr05 1:04.40 spamd child (perl) root 329 0.0 9.8 26864 25116 ?? I11Apr05 0:58.08 spamd child (perl) spamd 294 0.0 7.1 22392 18220 ?? Is 11Apr05 > 0:01.61 >> /usr/local/bin/spamd -d -c -u spamd -H /home/spamd -r >> /var/run/spamd.pid (perl) $ Is this intended or is it a bug? The two threads I've seen that pertain to it (both dating from Oct04) are left unresolved: > http://thread.gmane.org/gmane.mail.spam.spamassassin.general/579 00 >> http://thread.gmane.org/gmane.mail.spam.spamassassin.general/58087 >> The practical consequence of this (aside from the unorthodoxy -- >> undesired processes owned by root) is that the permissions of my ~user/.spamassassin/bayes_journal file get changed to root:spamd 0660. I wanted them to be spamd:user 0660, so that the user can run >> sa-learn without asking for root's help. Is that not the 'right way' >> to do things? 
Has there been a resolution to this question? If not, .. doesn't >> everybody have this problem? Or is it not a problem? If not, why >> not? -Brandon >>> Output from gpg >> 298BC7D0 >> gpg: There is no indication that the signature belongs to >> the >>> owner. >> 298B C7D0 >> -- >> "Don't try to out-wierd me. I get stranger things than you free >> with >> my >> breakfast cereal." >> -Button seen at I-CON XVII (and subsequently purchased) >> Dan Mahoney--
Re: [sa-list] Re: spamd children run as root (again)
On Tue, 9 Aug 2005, Craig McLean wrote: I applied the patch, and it fixed things on my end. I noted in my PR that it was also odd to me that before, the children showed in ps as "perl" and afterwards as "perl5.8.6" or something very similar. FWIW I *don't* see this issue on FBSD 5.2.1 running SA 3.0.4 with perl 5.6.1 Craig. Justin Mason wrote: ah, good to hear -- although it would have been nice to have had that noted on bug 3900, which was still listed as "awaiting confirmation"... --j. Charles Sprickman writes: I've seen this problem as well, even in the latest "ports" version. Still runs as root. If I apply the attached patch (obtained from one of the bugzilla entries), it works properly. Running FBSD 4.11 w/perl 5.6.2 (5.8.7 had the same problem, I backed out of 5.8 since it chewed up more memory than I was comfortable with). Charles On Mon, 8 Aug 2005, Dan Mahoney, System Admin wrote: On Tue, 26 Apr 2005, Justin Mason wrote: It's specifically a problem with perl on *BSD platforms -- there's a bug open about it, but it's stalled because we don't have any developers with BSD machines ;) Anyone want a test machine where this is occurring? Where it DIDN'T occur before under 3.0.3? Contact me offlist. I've had a bugzilla report sitting in "NEW" status for over a month now, I think. I flagged it as "security" because I a) thought maybe there was some priority to that and b) actually believe it to be, but nobody has done anything with it. http://bugzilla.spamassassin.org/show_bug.cgi?idD98 -Dan at least on some platforms (MacOS X) it appears perl's setuid support substantially does not work. --j. Brandon Kuczenski writes: I've seen this question posted a couple times in the mailing list archives (from October 2004) but no resolution. The question again: I'm running SpamAssassin 3.0.2 on FreeBSD 4.10 in spamc/spamd format with the '-u spamd' flag. Problem is, all the child processes are running as root: $ ps aux | grep spam root 333 0.0 10.1 27636 25932 ?? 
I11Apr05 1:03.83 spamd child (perl) root 332 0.0 10.5 29020 27032 ?? I11Apr05 1:07.96 spamd child (perl) root 331 0.0 9.7 26544 24852 ?? I11Apr05 0:52.68 spamd child (perl) root 330 0.0 9.9 27152 25524 ?? I11Apr05 1:04.40 spamd child (perl) root 329 0.0 9.8 26864 25116 ?? I11Apr05 0:58.08 spamd child (perl) spamd 294 0.0 7.1 22392 18220 ?? Is 11Apr05 0:01.61 /usr/local/bin/spamd -d -c -u spamd -H /home/spamd -r /var/run/spamd.pid (perl) $ Is this intended or is it a bug? The two threads I've seen that pertain to it (both dating from Oct04) are left unresolved: http://thread.gmane.org/gmane.mail.spam.spamassassin.general/57900 http://thread.gmane.org/gmane.mail.spam.spamassassin.general/58087 The practical consequence of this (aside from the unorthodoxy -- undesired processes owned by root) is that the permissions of my ~user/.spamassassin/bayes_journal file get changed to root:spamd 0660. I wanted them to be spamd:user 0660, so that the user can run sa-learn without asking for root's help. Is that not the 'right way' to do things? Has there been a resolution to this question? If not, .. doesn't everybody have this problem? Or is it not a problem? If not, why not? -Brandon Output from gpg 298BC7D0 gpg: There is no indication that the signature belongs to the owner. 298B C7D0 -- "Don't try to out-wierd me. I get stranger things than you free with my breakfast cereal." 
-Button seen at I-CON XVII (and subsequently purchased) Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org --- Content-Disposition: attachment; filename="spamd-euid.patch"
Re: [sa-list] Re: spamd children run as root (again)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 FWIW I *don't* see this issue on FBSD 5.2.1 running SA 3.0.4 with perl 5.6.1 Craig. Justin Mason wrote: > > ah, good to hear -- although it would have been nice to have had that noted on bug 3900, which was still listed as "awaiting confirmation"... > > --j. > > Charles Sprickman writes: > >>>I've seen this problem as well, even in the latest "ports" version. Still >>>runs as root. If I apply the attached patch (obtained from one of the bugzilla entries), it works properly. Running FBSD 4.11 w/perl 5.6.2 (5.8.7 had the same problem, I backed out of 5.8 since it chewed up more >>>memory than I was comfortable with). >>>Charles >>>On Mon, 8 Aug 2005, Dan Mahoney, System Admin wrote: On Tue, 26 Apr 2005, Justin Mason wrote: >It's specifically a problem with perl on *BSD platforms -- there's a bug open about it, but it's stalled because we don't have any developers with BSD machines ;) Anyone want a test machine where this is occurring? Where it DIDN'T occur before under 3.0.3? Contact me offlist. I've had a bugzilla report sitting in "NEW" status for over a month now, I think. I flagged it as "security" because I a) thought maybe there was some priority to that and b) actually believe it to be, but nobody has done anything with it. http://bugzilla.spamassassin.org/show_bug.cgi?idD98 -Dan >at least on some platforms (MacOS X) it appears perl's setuid support substantially does not work. >--j. >Brandon Kuczenski writes: >>I've seen this question posted a couple times in the mailing list archives >>(from October 2004) but no resolution. The question again: >>I'm running SpamAssassin 3.0.2 on FreeBSD 4.10 in spamc/spamd format with >>the '-u spamd' flag. Problem is, all the child processes are running as >>root: >>$ ps aux | grep spam >>root 333 0.0 10.1 27636 25932 ?? I11Apr05 1:03.83 spamd >>child (perl) >>root 332 0.0 10.5 29020 27032 ?? I11Apr05 1:07.96 spamd >>child (perl) >>root 331 0.0 9.7 26544 24852 ?? 
I11Apr05 0:52.68 spamd >>child (perl) >>root 330 0.0 9.9 27152 25524 ?? I11Apr05 1:04.40 spamd >>child (perl) >>root 329 0.0 9.8 26864 25116 ?? I11Apr05 0:58.08 spamd >>child (perl) >>spamd 294 0.0 7.1 22392 18220 ?? Is 11Apr05 0:01.61 /usr/local/bin/spamd -d -c -u spamd -H /home/spamd -r /var/run/spamd.pid >>(perl) >>$ >>Is this intended or is it a bug? The two threads I've seen that pertain >>to it (both dating from Oct04) are left unresolved: >>http://thread.gmane.org/gmane.mail.spam.spamassassin.general/57900 http://thread.gmane.org/gmane.mail.spam.spamassassin.general/58087 The practical consequence of this (aside from the unorthodoxy -- undesired >>processes owned by root) is that the permissions of my >>~user/.spamassassin/bayes_journal file get changed to root:spamd 0660. >>I wanted them to be spamd:user 0660, so that the user can run sa-learn without asking for root's help. Is that not the 'right way' to >>do things? >>Has there been a resolution to this question? If not, .. doesn't everybody have this problem? Or is it not a problem? If not, why not? >>-Brandon > Output from gpg 298BC7D0 gpg: There is no indication that the signature belongs to the >owner. 298B C7D0 -- "Don't try to out-wierd me. I get stranger things than you free with my breakfast cereal." 
-Button seen at I-CON XVII (and subsequently purchased) Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org --- >>>Content-Disposition: attachment; filename="spamd-euid.patch"
Re: [sa-list] Re: spamd children run as root (again)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ah, good to hear -- although it would have been nice to have had that noted on bug 3900, which was still listed as "awaiting confirmation"... - --j. Charles Sprickman writes: > I've seen this problem as well, even in the latest "ports" version. Still > runs as root. If I apply the attached patch (obtained from one of the > bugzilla entries), it works properly. Running FBSD 4.11 w/perl 5.6.2 > (5.8.7 had the same problem, I backed out of 5.8 since it chewed up more > memory than I was comfortable with). > > Charles > > On Mon, 8 Aug 2005, Dan Mahoney, System Admin wrote: > > > On Tue, 26 Apr 2005, Justin Mason wrote: > > > >> > >> It's specifically a problem with perl on *BSD platforms -- there's > >> a bug open about it, but it's stalled because we don't have any > >> developers with BSD machines ;) > > > > Anyone want a test machine where this is occurring? Where it DIDN'T occur > > before under 3.0.3? Contact me offlist. > > > > I've had a bugzilla report sitting in "NEW" status for over a month now, I > > think. I flagged it as "security" because I a) thought maybe there was > > some > > priority to that and b) actually believe it to be, but nobody has done > > anything with it. > > > > http://bugzilla.spamassassin.org/show_bug.cgi?idD98 > > > > -Dan > > > >> > >> at least on some platforms (MacOS X) it appears perl's setuid > >> support substantially does not work. > >> > >> --j. > >> > >> Brandon Kuczenski writes: > >>> I've seen this question posted a couple times in the mailing list archives > >>> (from October 2004) but no resolution. The question again: > >>> > >>> I'm running SpamAssassin 3.0.2 on FreeBSD 4.10 in spamc/spamd format with > >>> the '-u spamd' flag. Problem is, all the child processes are running as > >>> root: > >>> > >>> $ ps aux | grep spam > >>> root 333 0.0 10.1 27636 25932 ?? I11Apr05 1:03.83 spamd > >>> child (perl) > >>> root 332 0.0 10.5 29020 27032 ?? 
I11Apr05 1:07.96 spamd > >>> child (perl) > >>> root 331 0.0 9.7 26544 24852 ?? I11Apr05 0:52.68 spamd > >>> child (perl) > >>> root 330 0.0 9.9 27152 25524 ?? I11Apr05 1:04.40 spamd > >>> child (perl) > >>> root 329 0.0 9.8 26864 25116 ?? I11Apr05 0:58.08 spamd > >>> child (perl) > >>> spamd 294 0.0 7.1 22392 18220 ?? Is 11Apr05 0:01.61 > >>> /usr/local/bin/spamd -d -c -u spamd -H /home/spamd -r /var/run/spamd.pid > >>> (perl) > >>> $ > >>> > >>> Is this intended or is it a bug? The two threads I've seen that pertain > >>> to it (both dating from Oct04) are left unresolved: > >>> http://thread.gmane.org/gmane.mail.spam.spamassassin.general/57900 > >>> http://thread.gmane.org/gmane.mail.spam.spamassassin.general/58087 > >>> > >>> The practical consequence of this (aside from the unorthodoxy -- undesired > >>> processes owned by root) is that the permissions of my > >>> ~user/.spamassassin/bayes_journal file get changed to root:spamd 0660. > >>> I wanted them to be spamd:user 0660, so that the user can run > >>> sa-learn without asking for root's help. Is that not the 'right way' to > >>> do things? > >>> > >>> Has there been a resolution to this question? If not, .. doesn't > >>> everybody have this problem? Or is it not a problem? If not, why not? > >>> > >>> -Brandon > >> Output from gpg > >> gpg: WARNING: using insecure memory! > >> gpg: please see http://www.gnupg.org/faq.html for more information > >> gpg: Signature made Tue Apr 26 19:09:08 2005 EDT using DSA key ID 298BC7D0 > >> gpg: Good signature from "Justin Mason <[EMAIL PROTECTED]>" > >> gpg: WARNING: This key is not certified with a trusted signature! > >> gpg: There is no indication that the signature belongs to the > >> owner. > >> Primary key fingerprint: 1368 71CE 3627 9CD3 FA1B 0B63 3091 7972 298B C7D0 > >> > >> > > > > -- > > > > "Don't try to out-wierd me. I get stranger things than you free with my > > breakfast cereal." 
> > > > -Button seen at I-CON XVII (and subsequently purchased) > > > > Dan Mahoney > > Techie, Sysadmin, WebGeek > > Gushi on efnet/undernet IRC > > ICQ: 13735144 AIM: LarpGM > > Site: http://www.gushi.org > > --- > > > > > Content-Disposition: attachment; filename="spamd-euid.patch"
Re: [sa-list] Re: spamd children run as root (again)
I've seen this problem as well, even in the latest "ports" version. Still runs as root. If I apply the attached patch (obtained from one of the bugzilla entries), it works properly. Running FBSD 4.11 w/perl 5.6.2 (5.8.7 had the same problem, I backed out of 5.8 since it chewed up more memory than I was comfortable with). Charles On Mon, 8 Aug 2005, Dan Mahoney, System Admin wrote: On Tue, 26 Apr 2005, Justin Mason wrote: It's specifically a problem with perl on *BSD platforms -- there's a bug open about it, but it's stalled because we don't have any developers with BSD machines ;) Anyone want a test machine where this is occurring? Where it DIDN'T occur before under 3.0.3? Contact me offlist. I've had a bugzilla report sitting in "NEW" status for over a month now, I think. I flagged it as "security" because I a) thought maybe there was some priority to that and b) actually believe it to be, but nobody has done anything with it. http://bugzilla.spamassassin.org/show_bug.cgi?id=4498 -Dan at least on some platforms (MacOS X) it appears perl's setuid support substantially does not work. --j. Brandon Kuczenski writes: I've seen this question posted a couple times in the mailing list archives (from October 2004) but no resolution. The question again: I'm running SpamAssassin 3.0.2 on FreeBSD 4.10 in spamc/spamd format with the '-u spamd' flag. Problem is, all the child processes are running as root: $ ps aux | grep spam root 333 0.0 10.1 27636 25932 ?? I11Apr05 1:03.83 spamd child (perl) root 332 0.0 10.5 29020 27032 ?? I11Apr05 1:07.96 spamd child (perl) root 331 0.0 9.7 26544 24852 ?? I11Apr05 0:52.68 spamd child (perl) root 330 0.0 9.9 27152 25524 ?? I11Apr05 1:04.40 spamd child (perl) root 329 0.0 9.8 26864 25116 ?? I11Apr05 0:58.08 spamd child (perl) spamd 294 0.0 7.1 22392 18220 ?? Is 11Apr05 0:01.61 /usr/local/bin/spamd -d -c -u spamd -H /home/spamd -r /var/run/spamd.pid (perl) $ Is this intended or is it a bug? 
The two threads I've seen that pertain to it (both dating from Oct04) are left unresolved: http://thread.gmane.org/gmane.mail.spam.spamassassin.general/57900 http://thread.gmane.org/gmane.mail.spam.spamassassin.general/58087 The practical consequence of this (aside from the unorthodoxy -- undesired processes owned by root) is that the permissions of my ~user/.spamassassin/bayes_journal file get changed to root:spamd 0660. I wanted them to be spamd:user 0660, so that the user can run sa-learn without asking for root's help. Is that not the 'right way' to do things? Has there been a resolution to this question? If not, .. doesn't everybody have this problem? Or is it not a problem? If not, why not? -Brandon Output from gpg gpg: WARNING: using insecure memory! gpg: please see http://www.gnupg.org/faq.html for more information gpg: Signature made Tue Apr 26 19:09:08 2005 EDT using DSA key ID 298BC7D0 gpg: Good signature from "Justin Mason <[EMAIL PROTECTED]>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 1368 71CE 3627 9CD3 FA1B 0B63 3091 7972 298B C7D0 -- "Don't try to out-wierd me. I get stranger things than you free with my breakfast cereal." -Button seen at I-CON XVII (and subsequently purchased) Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org --- --- spamd.old Wed Oct 13 16:49:58 2004 +++ spamd Thu Oct 14 20:15:53 2004 @@ -700,6 +700,15 @@ # Change UID $> = $uuid;# effective uid $< = $uuid;# real uid. we now cannot setuid anymore + + if ( $< != $uuid ) { +warn("initial attempt to change real uid failed, trying BSD workaround") if $opt{'debug'}; + +$> = $<; # revert euid to ruid +$< = $uuid;# change ruid to target +$> = $uuid;# change euid back to target + } + if ( $> != $uuid and $> != ( $uuid - 2**32 ) ) { die "fatal: setuid to uid $uuid failed\n"; }
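Review bot: the fatal check that follows the added workaround block still tests only the effective uid ($>), so if the second "$< = $uuid" inside the block also fails, spamd carries on with a real uid other than $uuid and nothing reports it. Extend that condition to cover $< as well (with the same "$uuid - 2**32" allowance the existing test gives $>), so a failed real-uid change is fatal rather than silent. The warn() in the block is also gated on $opt{'debug'}; falling back to a platform workaround while dropping privileges is worth logging unconditionally.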
Re: [sa-list] Re: spamd children run as root (again)
On Tue, 26 Apr 2005, Justin Mason wrote: It's specifically a problem with perl on *BSD platforms -- there's a bug open about it, but it's stalled because we don't have any developers with BSD machines ;) Anyone want a test machine where this is occurring? Where it DIDN'T occur before under 3.0.3? Contact me offlist. I've had a bugzilla report sitting in "NEW" status for over a month now, I think. I flagged it as "security" because I a) thought maybe there was some priority to that and b) actually believe it to be, but nobody has done anything with it. http://bugzilla.spamassassin.org/show_bug.cgi?id=4498 -Dan at least on some platforms (MacOS X) it appears perl's setuid support substantially does not work. --j. Brandon Kuczenski writes: I've seen this question posted a couple times in the mailing list archives (from October 2004) but no resolution. The question again: I'm running SpamAssassin 3.0.2 on FreeBSD 4.10 in spamc/spamd format with the '-u spamd' flag. Problem is, all the child processes are running as root: $ ps aux | grep spam root 333 0.0 10.1 27636 25932 ?? I11Apr05 1:03.83 spamd child (perl) root 332 0.0 10.5 29020 27032 ?? I11Apr05 1:07.96 spamd child (perl) root 331 0.0 9.7 26544 24852 ?? I11Apr05 0:52.68 spamd child (perl) root 330 0.0 9.9 27152 25524 ?? I11Apr05 1:04.40 spamd child (perl) root 329 0.0 9.8 26864 25116 ?? I11Apr05 0:58.08 spamd child (perl) spamd 294 0.0 7.1 22392 18220 ?? Is 11Apr05 0:01.61 /usr/local/bin/spamd -d -c -u spamd -H /home/spamd -r /var/run/spamd.pid (perl) $ Is this intended or is it a bug? The two threads I've seen that pertain to it (both dating from Oct04) are left unresolved: http://thread.gmane.org/gmane.mail.spam.spamassassin.general/57900 http://thread.gmane.org/gmane.mail.spam.spamassassin.general/58087 The practical consequence of this (aside from the unorthodoxy -- undesired processes owned by root) is that the permissions of my ~user/.spamassassin/bayes_journal file get changed to root:spamd 0660. 
I wanted them to be spamd:user 0660, so that the user can run sa-learn without asking for root's help. Is that not the 'right way' to do things? Has there been a resolution to this question? If not, .. doesn't everybody have this problem? Or is it not a problem? If not, why not? -Brandon Output from gpg gpg: WARNING: using insecure memory! gpg: please see http://www.gnupg.org/faq.html for more information gpg: Signature made Tue Apr 26 19:09:08 2005 EDT using DSA key ID 298BC7D0 gpg: Good signature from "Justin Mason <[EMAIL PROTECTED]>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 1368 71CE 3627 9CD3 FA1B 0B63 3091 7972 298B C7D0 -- "Don't try to out-wierd me. I get stranger things than you free with my breakfast cereal." -Button seen at I-CON XVII (and subsequently purchased) Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org ---
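The check done by eye with "ps aux | grep spam" in this thread can be automated. The following is an added example, not code from the thread or from SpamAssassin: it parses the two ps listings quoted on this page and reports spamd children whose owner differs from the user given with -u. The function names are made up for the example, and it assumes one spamd instance per host, since "ps aux" carries no parent pid to link children to a parent.

```python
"""Flag spamd children whose owner differs from the user given with -u."""

# Two `ps aux` listings quoted in this thread, rejoined one process per line.
# The fused "I11Apr05" STAT/STARTED columns are kept as they appear on the page.
PS_BROKEN = """\
root 333 0.0 10.1 27636 25932 ?? I11Apr05 1:03.83 spamd child (perl)
root 332 0.0 10.5 29020 27032 ?? I11Apr05 1:07.96 spamd child (perl)
root 331 0.0 9.7 26544 24852 ?? I11Apr05 0:52.68 spamd child (perl)
root 330 0.0 9.9 27152 25524 ?? I11Apr05 1:04.40 spamd child (perl)
root 329 0.0 9.8 26864 25116 ?? I11Apr05 0:58.08 spamd child (perl)
spamd 294 0.0 7.1 22392 18220 ?? Is 11Apr05 0:01.61 /usr/local/bin/spamd -d -c -u spamd -H /home/spamd -r /var/run/spamd.pid (perl)
"""

PS_HEALTHY = """\
vmail 15329 0.0 2.9 59052 30300 ?? INsJ 5:55AM 0:03.05 /usr/local/bin/spamd -x -d -m 2 -r /var/run/spamd/spamd.pid -u vmail --socketpath=/tmp/spamd.sock -H /usr/local/mail/.spamassassin
vmail 15355 0.0 5.9 64984 61072 ?? INJ 5:55AM 1:39.07 spamd child (perl5.8.5)
vmail 15356 0.0 6.0 67352 63096 ?? INJ 5:55AM 0:24.58 spamd child (perl5.8.5)
"""

CHILD = ["spamd", "child"]  # process title the children show in the listings above


def parse_ps(text):
    """Return [(owner, pid, argv)] for every spamd process in `text`.

    The command is located by its first word rather than by column position,
    because the STAT and STARTED columns can run together ("I11Apr05").
    """
    procs = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or not fields[1].isdigit():
            continue  # header, blank line, or not a process row
        for i in range(2, len(fields)):
            if fields[i] == "spamd" or fields[i].endswith("/spamd"):
                procs.append((fields[0], int(fields[1]), fields[i:]))
                break
    return procs


def configured_user(procs):
    """Return the single user name passed with -u to the parent spamd."""
    users = set()
    for _owner, _pid, argv in procs:
        if argv[:2] == CHILD:
            continue  # children carry a process title, not the command line
        for flag, value in zip(argv, argv[1:]):
            if flag == "-u":
                users.add(value)
    if len(users) != 1:
        # No parent with -u, or several instances with different users:
        # the listing alone cannot say which children belong to which.
        raise ValueError("expected exactly one -u user, found %d" % len(users))
    return users.pop()


def misowned_children(text):
    """Return sorted [(pid, owner)] for spamd children not owned by the -u user."""
    procs = parse_ps(text)
    want = configured_user(procs)
    return sorted(
        (pid, owner)
        for owner, pid, argv in procs
        if argv[:2] == CHILD and owner != want
    )


if __name__ == "__main__":
    for name, listing in (("broken", PS_BROKEN), ("healthy", PS_HEALTHY)):
        bad = misowned_children(listing)
        print(name, "OK" if not bad else "children with wrong owner: %r" % bad)
```
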
Re: spamd children run as root (again)
>... > >-BEGIN PGP SIGNED MESSAGE- >Hash: SHA1 > > >It's specifically a problem with perl on *BSD platforms -- there's >a bug open about it, but it's stalled because we don't have any >developers with BSD machines ;) > >at least on some platforms (MacOS X) it appears perl's setuid >support substantially does not work. > >- --j. > >Brandon Kuczenski writes: >> I've seen this question posted a couple times in the mailing list archives >> (from October 2004) but no resolution. The question again: >> >> I'm running SpamAssassin 3.0.2 on FreeBSD 4.10 in spamc/spamd format with >> the '-u spamd' flag. Problem is, all the child processes are running as >> root: >> >> $ ps aux | grep spam >> root 333 0.0 10.1 27636 25932 ?? I11Apr05 1:03.83 spamd child >> (perl) >> root 332 0.0 10.5 29020 27032 ?? I11Apr05 1:07.96 spamd child >> (perl) >> root 331 0.0 9.7 26544 24852 ?? I11Apr05 0:52.68 spamd child >> (perl) >> root 330 0.0 9.9 27152 25524 ?? I11Apr05 1:04.40 spamd child >> (perl) >> root 329 0.0 9.8 26864 25116 ?? I11Apr05 0:58.08 spamd child >> (perl) >> spamd 294 0.0 7.1 22392 18220 ?? Is 11Apr05 0:01.61 >> /usr/local/bin/spamd -d -c -u spamd -H /home/spamd -r /var/run/spamd.pid >> (perl) >> $ >> >> Is this intended or is it a bug? The two threads I've seen that pertain >> to it (both dating from Oct04) are left unresolved: >> http://thread.gmane.org/gmane.mail.spam.spamassassin.general/57900 >> http://thread.gmane.org/gmane.mail.spam.spamassassin.general/58087 >> >> The practical consequence of this (aside from the unorthodoxy -- undesired >> processes owned by root) is that the permissions of my >> ~user/.spamassassin/bayes_journal file get changed to root:spamd 0660. >> I wanted them to be spamd:user 0660, so that the user can run >> sa-learn without asking for root's help. Is that not the 'right way' to >> do things? >> >> Has there been a resolution to this question? If not, .. doesn't >> everybody have this problem? Or is it not a problem? If not, why not? 
>> >> -Brandon

I can vouch that for at least NetBSD systems from 2.x through current (i.e. 3.99.3) and SA 3.0.[12] and top of tree, this is not a problem (i.e. it works for me). It also did work for v2.64 when I ran that version (it has been a while). All file permissions match the user account chosen, but I do run sa-learn using "su" (habit, I generally only feed it spam with high scores that didn't "autolearn" because of insufficient header points). Maybe you can create a SUID wrapper for sa-learn to allow users to use that (if SUID scripts are disabled, as on my mail servers, a 10 line 'C' program will do).

Paul Shupak [EMAIL PROTECTED]
Re: spamd children run as root (again)
Hello! s/ignored/missed/ ;) that does look logical. I'd appreciate if other *BSD users could try that out... - --j. It works on my end; thanks. Me too, FreeBSD 5.4S -Brandon With respect, Boris
Re: spamd children run as root (again)
On Tue, 26 Apr 2005, Justin Mason wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Robert Blayzor writes: Brandon Kuczenski wrote: I've seen this question posted a couple times in the mailing list archives (from October 2004) but no resolution. The question again: I'm running SpamAssassin 3.0.2 on FreeBSD 4.10 in spamc/spamd format with the '-u spamd' flag. Problem is, all the child processes are running as root: This has been a problem since 3.0.0 and I even submitted a patch in the PR... Dunno why this PR is being ignored by the devs... http://bugzilla.spamassassin.org/show_bug.cgi?id=3897 s/ignored/missed/ ;) that does look logical. I'd appreciate if other *BSD users could try that out... - --j. It works on my end; thanks. -Brandon
Re: spamd children run as root (again)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Robert Blayzor writes: > Brandon Kuczenski wrote: > > I've seen this question posted a couple times in the mailing list > > archives (from October 2004) but no resolution. The question again: > > > > I'm running SpamAssassin 3.0.2 on FreeBSD 4.10 in spamc/spamd format > > with the '-u spamd' flag. Problem is, all the child processes are > > running as root: > > This has been a problem since 3.0.0 and I even submitted a patch in the > PR... Dunno why this PR is being ignored by the devs... > > http://bugzilla.spamassassin.org/show_bug.cgi?id=3897

s/ignored/missed/ ;) that does look logical. I'd appreciate if other *BSD users could try that out... - --j.
Re: spamd children run as root (again)
Brandon Kuczenski wrote: > I've seen this question posted a couple times in the mailing list > archives (from October 2004) but no resolution. The question again: > > I'm running SpamAssassin 3.0.2 on FreeBSD 4.10 in spamc/spamd format > with the '-u spamd' flag. Problem is, all the child processes are > running as root: This has been a problem since 3.0.0 and I even submitted a patch in the PR... Dunno why this PR is being ignored by the devs... http://bugzilla.spamassassin.org/show_bug.cgi?id=3897 -- Robert Blayzor, BOFH INOC, LLC rblayzor\@(inoc.net|gmail.com) PGP: http://www.inoc.net/~dev/ Key fingerprint = 1E02 DABE F989 BC03 3DF5 0E93 8D02 9D0B CB1A A7B0 "Pinky, you've left the lens cap of your mind on again." - The Brain
Re: spamd children run as root (again)
Justin Mason wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 It's specifically a problem with perl on *BSD platforms -- there's a bug open about it, but it's stalled because we don't have any developers with BSD machines ;) at least on some platforms (MacOS X) it appears perl's setuid support substantially does not work. - --j. Brandon Kuczenski writes: I've seen this question posted a couple times in the mailing list archives (from October 2004) but no resolution. The question again: I'm running SpamAssassin 3.0.2 on FreeBSD 4.10 in spamc/spamd format with the '-u spamd' flag. Problem is, all the child processes are running as root: $ ps aux | grep spam root 333 0.0 10.1 27636 25932 ?? I11Apr05 1:03.83 spamd child (perl) root 332 0.0 10.5 29020 27032 ?? I11Apr05 1:07.96 spamd child (perl) root 331 0.0 9.7 26544 24852 ?? I11Apr05 0:52.68 spamd child (perl) root 330 0.0 9.9 27152 25524 ?? I11Apr05 1:04.40 spamd child (perl) root 329 0.0 9.8 26864 25116 ?? I11Apr05 0:58.08 spamd child (perl) spamd 294 0.0 7.1 22392 18220 ?? Is 11Apr05 0:01.61 /usr/local/bin/spamd -d -c -u spamd -H /home/spamd -r /var/run/spamd.pid (perl) $

Hi, If needed I can set up a dev machine running FreeBSD (or whatever BSD flavor the devs might like) and give them total access to it. If that would help. Regards, Rick
Re: spamd children run as root (again)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 It's specifically a problem with perl on *BSD platforms -- there's a bug open about it, but it's stalled because we don't have any developers with BSD machines ;) at least on some platforms (MacOS X) it appears perl's setuid support substantially does not work. - --j. Brandon Kuczenski writes: > I've seen this question posted a couple times in the mailing list archives > (from October 2004) but no resolution. The question again: > > I'm running SpamAssassin 3.0.2 on FreeBSD 4.10 in spamc/spamd format with > the '-u spamd' flag. Problem is, all the child processes are running as > root: > > $ ps aux | grep spam > root 333 0.0 10.1 27636 25932 ?? I11Apr05 1:03.83 spamd child > (perl) > root 332 0.0 10.5 29020 27032 ?? I11Apr05 1:07.96 spamd child > (perl) > root 331 0.0 9.7 26544 24852 ?? I11Apr05 0:52.68 spamd child > (perl) > root 330 0.0 9.9 27152 25524 ?? I11Apr05 1:04.40 spamd child > (perl) > root 329 0.0 9.8 26864 25116 ?? I11Apr05 0:58.08 spamd child > (perl) > spamd 294 0.0 7.1 22392 18220 ?? Is 11Apr05 0:01.61 > /usr/local/bin/spamd -d -c -u spamd -H /home/spamd -r /var/run/spamd.pid > (perl) > $ > > Is this intended or is it a bug? The two threads I've seen that pertain > to it (both dating from Oct04) are left unresolved: > http://thread.gmane.org/gmane.mail.spam.spamassassin.general/57900 > http://thread.gmane.org/gmane.mail.spam.spamassassin.general/58087 > > The practical consequence of this (aside from the unorthodoxy -- undesired > processes owned by root) is that the permissions of my > ~user/.spamassassin/bayes_journal file get changed to root:spamd 0660. > I wanted them to be spamd:user 0660, so that the user can run > sa-learn without asking for root's help. Is that not the 'right way' to > do things? > > Has there been a resolution to this question? If not, .. doesn't > everybody have this problem? Or is it not a problem? If not, why not? 
> > -Brandon
Re: spamd children run as root (again)
Brandon Kuczenski wrote: I've seen this question posted a couple times in the mailing list archives (from October 2004) but no resolution. The question again: I'm running SpamAssassin 3.0.2 on FreeBSD 4.10 in spamc/spamd format with the '-u spamd' flag. Problem is, all the child processes are running as root: $ ps aux | grep spam root 333 0.0 10.1 27636 25932 ?? I11Apr05 1:03.83 spamd child (perl) root 332 0.0 10.5 29020 27032 ?? I11Apr05 1:07.96 spamd child (perl) root 331 0.0 9.7 26544 24852 ?? I11Apr05 0:52.68 spamd child (perl) root 330 0.0 9.9 27152 25524 ?? I11Apr05 1:04.40 spamd child (perl) root 329 0.0 9.8 26864 25116 ?? I11Apr05 0:58.08 spamd child (perl) spamd 294 0.0 7.1 22392 18220 ?? Is 11Apr05 0:01.61 /usr/local/bin/spamd -d -c -u spamd -H /home/spamd -r /var/run/spamd.pid (perl) $ Is this intended or is it a bug? The two threads I've seen that pertain to it (both dating from Oct04) are left unresolved: http://thread.gmane.org/gmane.mail.spam.spamassassin.general/57900 http://thread.gmane.org/gmane.mail.spam.spamassassin.general/58087 The practical consequence of this (aside from the unorthodoxy -- undesired processes owned by root) is that the permissions of my ~user/.spamassassin/bayes_journal file get changed to root:spamd 0660. I wanted them to be spamd:user 0660, so that the user can run sa-learn without asking for root's help. Is that not the 'right way' to do things? Has there been a resolution to this question? If not, .. doesn't everybody have this problem? Or is it not a problem? If not, why not?

Hi, Yes, to the best of my knowledge it is a problem but the devs haven't seemed to acknowledge it. I think it's related to another SA bug having to do with per user rules only working the first time the child is loaded, of course I could be wrong.

It doesn't affect me now that I've switched to a global bayes in MySQL and user prefs in MySQL but a hack might be to set the bayes_mode 0777 in the local.cf file so that at least you'll always have read/write access to the files. HTH, Regards, Rick PS. No offense meant to the devs, I know their time is limited and they are working on a great many things.
spamd children run as root (again)
I've seen this question posted a couple times in the mailing list archives (from October 2004) but no resolution. The question again: I'm running SpamAssassin 3.0.2 on FreeBSD 4.10 in spamc/spamd format with the '-u spamd' flag. Problem is, all the child processes are running as root: $ ps aux | grep spam root 333 0.0 10.1 27636 25932 ?? I11Apr05 1:03.83 spamd child (perl) root 332 0.0 10.5 29020 27032 ?? I11Apr05 1:07.96 spamd child (perl) root 331 0.0 9.7 26544 24852 ?? I11Apr05 0:52.68 spamd child (perl) root 330 0.0 9.9 27152 25524 ?? I11Apr05 1:04.40 spamd child (perl) root 329 0.0 9.8 26864 25116 ?? I11Apr05 0:58.08 spamd child (perl) spamd 294 0.0 7.1 22392 18220 ?? Is 11Apr05 0:01.61 /usr/local/bin/spamd -d -c -u spamd -H /home/spamd -r /var/run/spamd.pid (perl) $ Is this intended or is it a bug? The two threads I've seen that pertain to it (both dating from Oct04) are left unresolved: http://thread.gmane.org/gmane.mail.spam.spamassassin.general/57900 http://thread.gmane.org/gmane.mail.spam.spamassassin.general/58087 The practical consequence of this (aside from the unorthodoxy -- undesired processes owned by root) is that the permissions of my ~user/.spamassassin/bayes_journal file get changed to root:spamd 0660. I wanted them to be spamd:user 0660, so that the user can run sa-learn without asking for root's help. Is that not the 'right way' to do things? Has there been a resolution to this question? If not, .. doesn't everybody have this problem? Or is it not a problem? If not, why not? -Brandon
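A check for the symptom reported in this thread, as an added example that is not part of any poster's message or of SpamAssassin itself: it reads `ps aux`-style output, takes the account named by the master's `-u` flag, and lists every `spamd child` owned by a different account. The function name and the sample lines are constructed for illustration; only the short `-u` form of the option is handled.

```shell
#!/bin/sh
# Constructed sample in the layout of the `ps aux` output quoted in the thread
# (two children instead of five; STAT/STARTED fused on child lines as quoted).
SAMPLE_PS='root 333 0.0 10.1 27636 25932 ?? I11Apr05 1:03.83 spamd child (perl)
root 332 0.0 10.5 29020 27032 ?? I11Apr05 1:07.96 spamd child (perl)
spamd 294 0.0 7.1 22392 18220 ?? Is 11Apr05 0:01.61 /usr/local/bin/spamd -d -c -u spamd -H /home/spamd -r /var/run/spamd.pid (perl)'

# find_undropped_children (hypothetical helper name): reads `ps aux`-style
# lines on stdin and prints "PID OWNER" for each "spamd child" process whose
# owner is not the account passed to the master with -u.
# Exit status: 0 = every child runs as the -u account,
#              1 = at least one child runs as someone else,
#              2 = no spamd master with a -u flag was seen.
find_undropped_children() {
    awk '
        BEGIN { n = 0 }

        # Children: only USER ($1) and PID ($2) are read, so fused or
        # missing middle columns do not shift anything we depend on.
        /spamd child/ { owner[n] = $1; pid[n] = $2; n++; next }

        # Master: take the account name that follows " -u ".
        /spamd/ && match($0, / -u [^ ]+/) {
            want = substr($0, RSTART + 4, RLENGTH - 4)
        }

        # Children may be listed before the master, so compare at the end.
        END {
            if (want == "") exit 2
            bad = 0
            for (i = 0; i < n; i++)
                if (owner[i] != want) { print pid[i], owner[i]; bad = 1 }
            exit bad
        }
    '
}

# Stand-alone demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_PS" | find_undropped_children ||
    echo "exit status $? (1 = children not running as the -u account)"
```

On a live host, pipe `ps auxww` into the function so the master's command line is not truncated before the `-u` flag.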