On Sun, Apr 3, 2011 at 2:38 PM, Benny Pedersen <m...@junc.org> wrote:
> On Sun, 3 Apr 2011 13:30:44 -0700, Ori Bani <orib...@gmail.com> wrote:
>>   From what I can tell, it is common to have local.cf
>>   permissions/ownership as
>>
>> root:root 644 (rw-r--r--)
>
> correct
>
>> But I have some database passwords (bayes, awl) in that file and
>> would like NOT to have world read permissions on that file.
>
> put these passwords in user_prefs for that user that the daemon runs as
> and make it only readable by this user
>
> for amavisd it's
>
> chown vscan user_prefs
> chmod 0600 user_prefs
>
> in vscan homedir
> cd ~vscan
> cd .spamassassin
>
> put the user_prefs there

Well I call spamc/spamd from courier maildrop.  So my spamd startup
options use the -u flag to run it as the user "maildrop".  That's only
a system account and I'd rather not create user prefs for that user if
possible (but will if I have to).

I played with it and set /etc/mail/spamassassin/local.cf to:

root:root 600 (rw-------)

And it seems to work fine in simple testing.

So even though it's not readable by the "maildrop" user that spamd
runs as, it still works.  Why is that?  Does spamd start as root and
read system-wide local.cf before changing to the user indicated by the
-u flag?

If that's the case, wouldn't it do that no matter how you're using
spamd?  In what environments does the systemwide local.cf need to be
world readable???
