[Pkg-dspam-misc] Bug#385760: The dspam daemon should be run by user dspam

Erik Johansson debian at ejohansson.se
Sat Sep 2 21:47:33 UTC 2006 

Package: dspam
Version: 3.6.8-2~erik.1
Severity: normal

Hello,

I maintain a sarge backport of dspam[1]. Today I received some suggestions
from a user of the backport. Since I think the suggestions apply to the
version in unstable as well, I'm forwarding the suggestions to you. 

My backported packages are identical to the version in unstable, except a
change in build-dep: libmysqlclient15-dev => libmysqlclient14-dev

I'm also considering trying to get dspam included on backports.org. If you
have any objections to this, please let me know.

Best regards
// Erik

[1] - deb http://eddie.ejohansson.se/debian/ sarge main

== From Günther Mair ==

[...] I experienced some trouble when running it straigth away with  
the dspam-webinterface for learning. Reason: the webinterface while  
running suexec'ed as "dspam" would not have access to update the log- 
files in "/var/spool/dspam/data/MYDOMAIN/MYUSERNAME"...

They regularly become owned by the "root" user and write-back to them  
from the webinterfaces becomes impossible (if i don't change root's  
umask which I would prefer not to.... ;-) ).

What I did and what I would like you to consider on this package is  
the following:

- change the init-script to run the dspam daemon as dspam user  
instead of root (doesn't change anything anyway - just one process  
needlessly running as root less), while you still may execute the  
dspam-client apps as root (use the "--chuid" parameter for start-stop- 
daemon)

- chown & chgrp the files beyond /var/spool/dspam to dspam user &  
dspam group

- change the PID-File in your init-script and dspam-default  
configuration to reside inside the /var/run/dspam directory owned by  
dspam (so dspam user can write to it)

- change the logfile to reside in an directory writeable by dspam  
(ie. /var/log/dspam/dspam.log)

-  the dspam_logrotate application should obviously be run as user dspam (or
like this: [su - dspam "dspam_logrotate -a 90 -d /var/spool/dspam/data"]),
otherwise the rotated logfiles may not be accessible to the dspam-daemon
anymore - as actualy happened today with my installation ;-)

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (200, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.17.9
Locale: LANG=en_US, LC_CTYPE=sv_SE (charmap=ISO-8859-1)

Versions of packages dspam depends on:
ii  adduser               3.63               Add and remove users and groups
ii  libc6                 2.3.2.ds1-22sarge4 GNU C Library: Shared libraries an
ii  libdspam7             3.6.8-2~erik.1     DSPAM is a scalable and statistica
ii  libldap2              2.1.30-8           OpenLDAP libraries
ii  procmail              3.22-11            Versatile e-mail processor

-- no debconf information

More information about the Pkg-dspam-misc mailing list