On 17/06/16 14:49, RW wrote:
On Fri, 17 Jun 2016 14:07:33 +0100
Sebastian Arcus wrote:
Site-wide bayes files are owned
by spamd. Regarding the daemon, it is started with
--socketowner=spamd and socketpath=spamd. Is this enough, or
should it be actually started with "su" as "spamd" user?
If you start it as root with the -u spamd (or --username) it will drop
privileges to spamd. Starting it as root allows it to bind to a low
port should you need that.
"socketpath=spamd" sounds idiotic, hpwever for a site-wide setup
there is no point in start it as root instead directly as the
correct user, see below, can#t say anything about "su" in service
files since i don't touch sysvinit for 5 years now
That is probably so - I've taken another look at my startup scripts,
and I have to say it feels like I've been tying myself in knots with
--socketowner and --socketgroup and --username. I was thinking that
for my setup using:
--username=spamd --socketownder=exim --socketgroup=exim
might be the most suitable. Is it better to run it instead with
--socketmode=666
You should use -u,--username unless you need to access per user data
from unix home directories. You need this even if you start directly as
spamd.
and not bother with setting owner and group for the socket?
Is there any particular reason for even using a socket file?
A good point - if I leave them out, spamd will talk on the default IP
port, and Exim can do that as well. Thank you for suggesting!
