Jean-François Bachelet wrote:
Hello bob ^^)
1) OK. Relevant perms on an Ubuntu system:
/var/lib is 755 owned by root
/var/lib/spamassassin is 755 owned by debian-spamd
/var/lib/spamassassin/3.004006 is owned by root (installer)
/var/lib/spamassassin/compiled is owned by debian-spamd
/var/lib/spamassassin/sa-update-keys is owned by debian-spamd
/var/lib/amavis is 750 owned by amavis
Home directory for amavis is: /var/lib/amavis
Home directory for spamassassin is: /var/lib/spamassassin
NOTE: I use Amavis. EUID is a user called amavis. That's fine, it only
read access to any spamassassin files anyway. If you do any exotic
logging with Amavis, make sure the amavis home directory is writeable to
amavis. The default quarantine folder is usually under /var/lib/virusmails.
2) On stock Ubuntu, there is a cron job called
/etc/cron.daily/spamassassin that runs. That runs sa-compile as
debian-spamd. You don't need sticky bits anywhere or SUIDROOT.
3) So, you're likely to be having issues with SELinux/AppArmor******.
You'll probably want to have a normal shell, /bin/sh, for both the
debian-spamd and amavis users. You might see errors in the
/var/log/apport.log file on Ubuntu, /var/log/syslog and/or
/var/log/kern.log on Debian.
FWIW,
-- Jared Hall
