[Bug 192036] [NEW] sa-learn does not preserve file permissions

Thu, 14 Feb 2008 19:40:19 -0800 

Public bug reported:

Binary package hint: spamassassin

I'm running spamassassin 3.2.3-0ubuntu1 (gutsy).  The SA daemon runs as
an unprivileged user (--groupname=spamd --username=spamd), and therefore
it creates its bayes files chown that user:

[EMAIL PROTECTED]:~# ls -al .spamassassin/
-rw------- 1 spamd spamd 1269760 Feb 14 20:44 auto-whitelist
-rw------- 1 spamd spamd  659456 Feb 14 20:45 bayes_seen
-rw------- 1 spamd spamd 5308416 Feb 14 20:45 bayes_toks
-rw-r--r-- 1 spamd spamd    1487 Aug  1  2007 user_prefs

The problem is, the sa-learn utility provides no facility to run as a
different user.  If sa-learn is run as root, the bayes_toks file becomes
chown root, and the daemon loses access to it (not sure why... see
below).

This creates an awkward combination of file access issues.  The sa-learn
application needs to run as the spamd user (from cron in my case), but
if its host script runs as the unprivileged user it will not have access
read/remove mail files from the maildirs.  Running the script as root
gives it the required access, but breaks the bayes_toks file.

There are various ways to work around this issue, but the ones I've come
up with seem hackish.  Running multiple scripts, or doing a manual
chown, causes race conditions.  I can see two "good" ways to fix this,
both of which should be implemented in sa-learn itself:

1) Give sa-learn the same --groupname/--username options as the daemon has.  
That way the host script can run as root while sa-learn still runs as the 
proper user.
2) Rework sa-learn to respect the existing file ownership.  I don't really 
understand why sa-learn changes the ownership of bayes_toks to begin with, so 
should it be considered a bug, this might be a quick fix.

** Affects: spamassassin (Ubuntu)
     Importance: Undecided
         Status: New

-- 
sa-learn does not preserve file permissions
https://bugs.launchpad.net/bugs/192036
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to