On 24 Jun 2015, at 16:21, RW wrote:
On Mon, 22 Jun 2015 22:42:09 -0400
Bill Cole wrote:
On 22 Jun 2015, at 21:45, Michael B Allen wrote:
So with a default install (CentOS 7 in my case and I suspect pretty
much all other systems), bayes will NOT just work by default unless
you explicitly modify /etc/mail/spamassassin/local.cf to tell
sa-learn to use the bayes db owned by spamd
(/var/log/spamassassin/.spamassassin/bayes in my case) and NOT the
one owned by root?
Don't do that, ever, on any regular file, on any system that has
processes running as more than just root. I know it's in the SA Wiki,
but it's an irresponsible recommendation.
The default is that spamd starts as root and its children drop
privileges and run as the user running spamc. Running spamc as root
is
the source of the myth that SA by default stores its data under /root.
Yes, if that's how you run spamd, the user running spamc determines
which per-user config & DBs to use. Which is not actually relevant to
this thread.
spamd can also start as root and then drop to the unprivileged user
once it's bound to its port.
Yes, and based on OP's description that's *specifically* the
configuration being discussed: spamd "running as the user spamd" which
only makes sense as meaning it include "-u spamd" in its args. Also: an
absolute and rather odd bayes_path.
I don't know the wiki passage you are referring to, but I'd be
surprised
if it's actually advocating doing mail scans as root.
You snipped out what I was specifically responding to:
On 22 Jun 2015, at 21:45 , Michael B Allen wrote:
bayes_file_mode 0777
That is used as an example at
http://wiki.apache.org/spamassassin/SiteWideBayesSetup so it is
understandable why it gets used. The text following it denies the
recommendation, but quite weakly.
I've actually found that page useful for screening sysadmin job
candidates, without any expectation that they understand SA to find the
problem. It is much better to never hire the one who will have to be
instructed later on the generic error of using mode 0777.
