Le vendredi 07 mai 2010 à 08:03:18 (-0500), Kenneth Marshall a écrit : > Date: Fri, 7 May 2010 08:03:18 -0500 > From: Kenneth Marshall <k...@rice.edu> > To: Stevan Baji?? <ste...@bajic.ch> > Cc: dspam-user@lists.sourceforge.net > Subject: Re: [Dspam-user] DSPAM centralized setup for several MX servers > > On Fri, May 07, 2010 at 02:51:37PM +0200, Stevan Baji?? wrote: > > On Fri, 7 May 2010 14:37:49 +0200 > > Julien Valroff <jul...@kirya.net> wrote: > > > > [...] > > > Well, both, though you are right, my first thoughts were for the use of > > > suExec for the > > > WebGUI. > > > > > The WebGUI is actually doing two things: > > 1) reading data from DSPAM_HOME > > 2) executing the dspam binary > > > > To avoid suExec for (1) you need to have ALL data in the database. Not only > > quarantine. > > To avoid suExec for (2) you could add the web server user to be a trusted > > user. > > > > The WebGUI however would need to be much more complex if everything is in a > > database. The UI would need to implement direct access logic to the > > database. Right now the WebGUI is storage backend unaware. > > > > We run the web server as the same user as we run DSPAM as a trusted user > to avoid both (1) and (2). It works very well and no suExec needed.
That is unfortunately not possible for the Debian package (that is my concern about suExec) Cheers, Julien ------------------------------------------------------------------------------ _______________________________________________ Dspam-user mailing list Dspam-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspam-user
