On Tue, 24 Feb 2015 07:13:20 -0700 @lbutlr wrote: > > > On Feb 24, 2015, at 6:44 AM, RW <rwmailli...@googlemail.com> wrote: > > > > On Sun, 22 Feb 2015 07:49:49 -0700 > > @lbutlr wrote: > > > >> plugin: eval failed: bayes: (in learn) locker: safe_lock: cannot > >> create lockfile /home/kreme/.spamassassin/bayes.mutex: Permission > >> denied > >> > >> (And yes, that is correct, the spamassassin files in user?s home > >> are not world read/writ). > > > > Normally they shouldn't be because spamd would drop it's privileges > > to run as kreme (or whatever user ran spamc). spamd need to > > start-up as root, and not drop privileges to a single unprivileged > > user, for this to work. > > spamassasin?s main process runs as root, but the child processes run > as spamd:
I was simplifying a bit, it's the child processes that matter. > $ psa spam > spamd 17468 2.3 4.1 93932 83280 ?? S 5:38AM 0:56.98 > spamd child (perl) root 22797 0.0 2.7 65260 55732 ?? Ss > Sun08AM 0:31.80 /usr/local/bin/spamd -u spamd > -H /var/spool/spamd -d -r /var/run/spamd/spamd.pid (perl) root > 45927 0.0 0.8 33904 15680 ?? Is 15Feb15 > 1:01.33 /usr/local/sbin/spamass-milter -f > -p /var/run/spamass-milter.sock -r 9 -u spamd -e covisp.net -- -s > 5242880 spamd 93842 0.0 3.3 81644 66804 ?? S 5:03PM > 1:32.51 spamd child (perl) > > Which is, I believe, the recommended configuration. Starting spamd with -u is for global, or per virtual user, settings and databases. It doesn't work well with ordinary unix home directories, see --virtual-config-dir or use an SQL database.
