On Sunday 12 July 2015 at 11:07:30 (EU time), Reindl Harald wrote:

> On 12.07.2015 at 10:59, Antony Stone wrote:
> > On Sunday 12 July 2015 at 10:48:28 (EU time), Reindl Harald wrote:
> >> the root of all evil is when people start calling tools as root
> > 
> > Since this appears to be such a common problem, would it perhaps be a
> > good idea to include a warning in sa-learn if it is run as UID=0, along
> > the lines of "You are running this command as root, which is almost
> > certainly NOT what you should be doing.  This command should be run by
> > the same user ID as spamassassin itself runs under."
> 
> frankly it should refuse to start at all not only warn

That's certainly an alternative, however it doesn't really conform to the Unix 
approach of "do what the user requested, even if it's a bit stupid".

Maybe a good compromise would be to emit the above warning message and then 
stop, which behaviour can be overridden with a "--root-anyway" or similar 
option (I don't know when that could genuinely be useful, but I really don't 
like the idea of a command which will not do what a user requests, even when 
it's what the user really wants).

> on the other hand if you start a cli tool which analyzes bad mail
> including malware by definition with root permissions you should
> consider refraining from maintaining a public mailserver and that's not
> meant disrespectfully

Ah, but the very word "consider" in your comment above means the person needs 
to be aware that this is something to think about.  If the tools do not warn 
the user when they're being run under the wrong UID, how does the novice email 
admin learn what's right and what's wrong?

 - please don't answer along the lines of "nobody should be allowed to run an 
email server until they've had at least 5 years' experience of doing so" :)


Regards,

Antony.

-- 
"A person lives in the UK, but commutes to France daily for work.
He belongs in the UK."

 - From UK Revenue & Customs notice 741, page 13, paragraph 3.5.1
 - http://tinyurl.com/o7gnm4

                                                   Please reply to the list;
                                                         please *don't* CC me.
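
The "warn, then stop unless overridden" compromise proposed in this message, sketched as a shell wrapper around sa-learn. This is an added example, not part of the original message and not SpamAssassin code; the function names and the SA_LEARN variable are assumptions, and "--root-anyway" is only the option name suggested in the thread.

```sh
#!/bin/sh
# Added example: a wrapper, not part of sa-learn. "--root-anyway" is the
# option name floated in the message; sa-learn itself has no such option,
# so the wrapper consumes it. SA_LEARN (assumed name) picks the real binary.

# check_uid UID [ARGS...]: return 0 if the run may proceed, 1 to refuse.
check_uid() {
    uid=$1
    shift
    if [ "$uid" -ne 0 ]; then
        return 0                      # not root: nothing to warn about
    fi
    for arg in "$@"; do
        case $arg in
            --) break ;;              # after "--" everything is a file name
            --root-anyway) return 0 ;;
        esac
    done
    {
        echo "You are running this command as root, which is almost"
        echo "certainly NOT what you should be doing.  This command should"
        echo "be run by the same user ID as spamassassin itself runs under."
        echo "Pass --root-anyway to override."
    } >&2
    return 1
}

# sa_learn_guarded [ARGS...]: apply the check, drop the override flag,
# then hand the remaining arguments to sa-learn unchanged.
sa_learn_guarded() {
    check_uid "$(id -u)" "$@" || return 1
    past_opts=0
    for arg in "$@"; do               # list is expanded once, so rebuilding
        shift                         # "$@" inside the loop is safe
        if [ "$arg" = "--" ]; then
            past_opts=1
        fi
        if [ "$past_opts" -eq 0 ] && [ "$arg" = "--root-anyway" ]; then
            continue
        fi
        set -- "$@" "$arg"
    done
    "${SA_LEARN:-sa-learn}" "$@"
}
```

Source the file and call sa_learn_guarded in place of sa-learn; a refused run returns a non-zero status so that cron jobs and scripts notice it.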
