[Pkg-dspam-misc] Bug#385760: The dspam daemon should be run by user
dspam
Erik Johansson
debian at ejohansson.se
Sat Sep 2 21:47:33 UTC 2006
Package: dspam
Version: 3.6.8-2~erik.1
Severity: normal
Hello,
I maintain a sarge backport of dspam[1]. Today I received some suggestions
from a user of the backport. Since I think the suggestions apply to the
version in unstable as well, I'm forwarding the suggestions to you.
My backported packages are identical to the version in unstable, except a
change in build-dep: libmysqlclient15-dev => libmysqlclient14-dev
I'm also considering trying to get dspam included on backports.org. If you
have any objections to this, please let me know.
Best regards
// Erik
[1] - deb http://eddie.ejohansson.se/debian/ sarge main
== From Günther Mair ==
[...] I experienced some trouble when running it straigth away with
the dspam-webinterface for learning. Reason: the webinterface while
running suexec'ed as "dspam" would not have access to update the log-
files in "/var/spool/dspam/data/MYDOMAIN/MYUSERNAME"...
They regularly become owned by the "root" user and write-back to them
from the webinterfaces becomes impossible (if i don't change root's
umask which I would prefer not to.... ;-) ).
What I did and what I would like you to consider on this package is
the following:
- change the init-script to run the dspam daemon as dspam user
instead of root (doesn't change anything anyway - just one process
needlessly running as root less), while you still may execute the
dspam-client apps as root (use the "--chuid" parameter for start-stop-
daemon)
- chown & chgrp the files beyond /var/spool/dspam to dspam user &
dspam group
- change the PID-File in your init-script and dspam-default
configuration to reside inside the /var/run/dspam directory owned by
dspam (so dspam user can write to it)
- change the logfile to reside in an directory writeable by dspam
(ie. /var/log/dspam/dspam.log)
- the dspam_logrotate application should obviously be run as user dspam (or
like this: [su - dspam "dspam_logrotate -a 90 -d /var/spool/dspam/data"]),
otherwise the rotated logfiles may not be accessible to the dspam-daemon
anymore - as actualy happened today with my installation ;-)
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (200, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.17.9
Locale: LANG=en_US, LC_CTYPE=sv_SE (charmap=ISO-8859-1)
Versions of packages dspam depends on:
ii adduser 3.63 Add and remove users and groups
ii libc6 2.3.2.ds1-22sarge4 GNU C Library: Shared libraries an
ii libdspam7 3.6.8-2~erik.1 DSPAM is a scalable and statistica
ii libldap2 2.1.30-8 OpenLDAP libraries
ii procmail 3.22-11 Versatile e-mail processor
-- no debconf information
More information about the Pkg-dspam-misc
mailing list