RE: spamd runs as root on Fedora Server 38 ?! - was Re: Newb on sa-learn - didn't get what I expected as a response...
> > I should probably add that I personally don't do per-user config because > of the enlarged attack surface it presents and small marginal value, but > that's guided by local details. I work with systems owned by others > where other choices were made for very sound reasons and they have not > had security problems with it, in many years of operations. What you > choose to do should be based on what YOU want. > I have a setup where I globally mark spam and users have the option to 'unmark' messages from senders. So every user has a little db with white listed email addresses. This could be a nice step before going full per-user config.
Re: spamd runs as root on Fedora Server 38 ?! - was Re: Newb on sa-learn - didn't get what I expected as a response...
On 2023-07-07 at 12:08:22 UTC-0400 (Fri, 7 Jul 2023 09:08:22 -0700 (PDT)) Richard Troy is rumored to have said: Hi All, I changed the subject line to hopefully get some insight from a wider audience regarding this situation that Reindl uncovered: It should be noted that Harald Reindl is not a subscriber to this list and cannot be as a result of past behavior. Nothing can stop him from reading public archives and replying directly to list members, but no one else sees them. SpamAssassin can operate in many different modes. How distribution packagers chose the 'default' for their installations is beyond the scope of the SA project per se, and the specific packagers should be consulted if you need an explanation of their choices. If you want spamd to be able to access the per-user preferences and databases for AWL/TxRep and/or Bayes of real system users, spamd must run as root OR you must devise another working configuration which allows that to work. This can be avoided by using virtual users or storing per-user configuration in a database rather than in files on disk. You can also dispense entirely with spamd and have a milter like MIMEDefang call the SA libraries directly, but you still need *SOMETHING* running as root (or a semi-privileged user) if you want to use per-user configuration living in a POSIX filesystem. Arguing over which model is better is pointless, because they are chosen based on local needs. Scolding people for their choice of the reasonable options is just silly. I should probably add that I personally don't do per-user config because of the enlarged attack surface it presents and small marginal value, but that's guided by local details. I work with systems owned by others where other choices were made for very sound reasons and they have not had security problems with it, in many years of operations. What you choose to do should be based on what YOU want. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire
Re: spamd runs as root on Fedora Server 38 ?! - was Re: Newb on sa-learn - didn't get what I expected as a response...
Check the systemd unit file. It should set the user the service runs as.
spamd runs as root on Fedora Server 38 ?! - was Re: Newb on sa-learn - didn't get what I expected as a response...
Hi All, I changed the subject line to hopefully get some insight from a wider audience regarding this situation that Reindl uncovered: It started here: It appears that it IS running as root?! OR maybe as "sa-milt" ... As root I got this: # ps auxwww | grep spamd root 100805 0.0 0.3 158208 121164 ? Ss 00:37 0:05 /usr/bin/perl -T -w /usr/bin/spamd -c -m5 -H --razor-home-dir=/var/lib/razor/ --razor-log-file=sys-syslog Reindl replied: give common sense a few seconds: do you REALLY want to process mails containing junk and malware with root privileges? And went on to share that his Fedora 37 runs as sa-milt. There IS an sa-milt entry in /etc/passwd, so... I just took a few minutes to confirm that the DEFAULT installation on Fedora Server 38 runs spamd as root - at least, that's sure my take from this: # ps -auxwww | grep spam root 192531 2.3 4.0 158360 146936 ? Ss 08:53 0:01 /usr/bin/perl -T -w /usr/bin/spamd -c -m5 -H --razor-home-dir=/var/lib/razor/ --razor-log-file=sys-syslog root 192535 0.0 3.7 158360 137488 ? S08:53 0:00 spamd child root 192536 0.0 3.7 158360 137616 ? S08:53 0:00 spamd child ...GIVEN that this is the DEFAULT on this distribution - a very popular distribution - I'm ... speachless since, as Reindl points out, processing unknown inbound email is NOT a great place to hav a process running as root! THEREFORE: Can anyone give me the quick path to changing this to running as sa-milt, as his system does? Changing the file ownerships is trivial, and I know from doing some packaging for Fedora systems that there's a spot to give the user (and group) IDs programs are supposed to be run under in sysconfig. A quick look shows there are three for Spam Assassin on my system: /etc/sysconfig/spamassassin /etc/sysconfig/spamass-milter /etc/sysconfig/spamass-milter-postfix Before I make changes and possibly screw things up; any advice? Thanks! Richard