On 16 Apr 2018, at 19:01 (-0400), John Hardin wrote:

On Mon, 16 Apr 2018, Computer Bob wrote:

Why should sa-learn not be run as root ?

That's a general safe practice. Do as little as root as you possibly can. Why risk a root crack from an unknown bug in sa-learn that somebody has discovered and figured out how to exploit via email?

Right: don't let malicious strangers talk to root, even via email.

ALSO: sa-learn itself won't stop you from running it as root. Without a global bayes_path, it will learn into ~root/.spamassassin/bayes_* files which no other user can access and spamd can't even TRY to use because it refuses to run as root and drops to 'nobody' if run by root. With a global bayes_path, the bayes_* files will become owned by root and everything else trying to use them (i.e. everything) will fail.

Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole

Reply via email to