https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7637
Bug ID: 7637
Summary: spamd should accept --username=root
Product: Spamassassin
Version: unspecified
Hardware: PC
OS: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: spamc/spamd
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: Undefined
In the container world, it is a PITA to be forced to run services as non-root.
"root" in a container does not have any special permissions outside the
container, so the only security concern is to be careful which directories to
mount into the container – which is true whether the container has a root
process or not.
For SpamAssassin, I run one container with spamd and another with
sa-learn/sa-update. With root being precluded for spamd (not for sa-learn, by
the way), you have to keep the UID/GID synchronised between the images.
Moreover, you have to add the user to the images in the first place. Both
would be unnecessary with root.
Besides, giving "--username root" cannot happen accidentally, and “nobody”
would remain the default.
Thus, I request to allow "--username root" for spamd.
--
You are receiving this mail because:
You are the assignee for the bug.
