On Thursday 29 May 2008 09:06:18 Henrik K wrote: > On Thu, May 29, 2008 at 08:50:15AM +0300, Tuomo Soini wrote: > > Another problem with 2.6.0 is that it drops privileges too early and > > can't open pid file in /var/run. > > Why /var/run? By default it's $MYHOME/amavisd.pid. From securitys point of > view, there is no reason to write files as root. Or to even start amavisd > as root if you are not chrooting.
Agreed. It is unlikely this would be changed back to a previous (more risky) behaviour. It should be documented in release notes though - will do so. When not running chrooted it is also less risky to specify '-u vscan' as a command like option to amavis, or to start it as the as 'su vscan', instead of starting it as root, letting it read its config file as root, and only then drop privileges (this is necessary bacuse $daemon_user setting is not known before reading a config file, unless overridden by -u). Mark ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ AMaViS-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
