http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5163
Summary: spamd drops root rights too late (after installing
default config)
Product: Spamassassin
Version: 3.1.3
Platform: Other
URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=387883
OS/Version: other
Status: NEW
Severity: normal
Priority: P5
Component: spamc/spamd
AssignedTo: [email protected]
ReportedBy: [EMAIL PROTECTED]
I am debugging a problem in which the virtual mail folder hierarchy
is being created with the wrong user rights (root/root, rather than
vmail/vmail). I have found the culprit to be spamd.
spamd is running with options
--create-prefs --max-children 5 --helper-home-dir --allow-tell
--paranoid --virtual-config-dir=/srv/vmail/%d/%l/.spamassassin -x
-D --pidfile=/var/run/spamd.pid
postfix delivers to spamc:
spamc -x -u ${recipient} -e /usr/lib/dovecot/deliver -d ${recipient}
and this causes spamd to print the following debug info:
[4319] info: spamd: using default config for [EMAIL PROTECTED]:
/srv/vmail/madduck.net/test/.spamassassin/user_prefs
[4319] dbg: info: user has changed
[4319] dbg: config: using "/srv/vmail/madduck.net/test/.spamassassin" for user
state dir
note how it uses the default config (which actually means that it
installs the default config) before changing the user. As a result,
/srv/vmail/madduck.net/test will be owned by root and mode 0700 (die
to the restrictive umask I use). When later the deliver process
tries to write the mail to the directory as the vmail user, it
fails.
I think spamd should install the configuration for new users (when
it does not yet exist) only *after* dropping root rights.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
