On 11/27/2017 11:53 AM, Colony.three wrote: >> It simply would not create /run/spamassassin directory on boot. It is >> supposed to create it automatically like clamd does, since /run is wiped >> at each boot. To make it work I finally had to add: >> ExecStartPre=/usr/bin/mkdir /run/spamassassin >> ExecStartPre=/bin/chown -R spamd:spamd /run/spamassassin > > There's a root exploit for the "spamd" user in that last line. Assuming > you got the tmpfiles.d thing working, you should delete those > ExecStartPre commands.
Can you explain further please? If this is true, someone should tell Red Hat that their /usr/lib/systemd/system/spamass-milter-root.service has the same problem. I need spamass-milter-root to be able to write to the spamassassin socket so it can communicate with spamd. Recommendations requested. PS - I'm not using tmpfiles.d, I'm using systemd's RuntimeDirectory=spamassassin RuntimeDirectoryMode=770 ... to create the /run directory.
