Tony Meyer wrote: > [Richard Heck] > >> (1) Is there any reason that sb_server.py needs to run as root? > > No, just make sure you're using ports accessible to the user, that the > scripts (and Python) are executable by the user, and that the > databases are both read & writable by the user. Why do you think it > needs to be run as root?
I didn't see any reason but thought I should ask and make sure. You know, when you ASS-U-ME.... >> (2) The initscripts call daemon(), [...] Is it worth considering >> having sb_server.py [lower its privileges], too? > > I presume you're referring to the script on > http://spambayes.org/unix.html contributed by Dave Handley. If you'd > like to submit your own script, we'd be happy to put that up with the > others. Yes, I'll send one along that I've now got working properly. But the suggestion was that sb_server.py should handle these things itself (as most system daemons do), that is, lower its own privileges if it discovers that it is running as root and then daemonize itself by forking and dissociating itself from the originating process. Indeed, a more careful treatment might set up the listening ports before the lowering of privileges (which would require a restart when they changed), or lower the privileges of every process except the one that sets up the listening ports, so that the proxy could run as an unprivileged user AND bind ports below 1024. It was in that neighborhood that I meant to be making a suggestion, which is why I sent it to the spambayes-dev list. I could probably make the changes necessary for the simpler version. It'd take more sophistication than I have, I think, to make the latter work. Richard _______________________________________________ [email protected] http://mail.python.org/mailman/listinfo/spambayes Check the FAQ before asking: http://spambayes.sf.net/faq.html
