FROM: Theo Van Dinter
DATE: 09/05/2002 17:31:00
SUBJECT: RE: [SAtalk] Razor 2.14 and SpamAssassin 2.41 problem

 


--ChQOR20MqfxkMJg9
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Sep 05, 2002 at 04:35:14PM -0700, David Rees wrote:
> Hmm, that also works for me.  Anyone know why?

Ok, here's the one-time posting about this. :)

The problem is that spamd can't write to the razor-agents.log file.
The reason for this is that 2.4x spamd looks at the $HOME environment
variable when it gets started.  So for most people, it remembers root's
home directory.  That saved variable is what spamd sets $HOME to before
running Razor, DCC, etc.

The problem is that things like .razor/razor-agents.log are not world
writable.  So when spamd switches UID to the spamc user, that user
doesn't have write access to the original razor-agents.log file, and
you get the error.

So, if you do the link to /dev/null trick, and generic users can access
that file, the problem goes away because /dev/null is world writable.

Unfortunately, on systems like Linux where root's home directory is
/root and likely has permissions 700, the link trick doesn't work since
you can't get to the file to try writing to it, even though the end file
is world-writable.

A patch was included for 2.41 which adds a -H option to spamd.  This
options lets you override the default remembering of the $HOME variable
from above.  Basically, "-H /directory" specifies that spamd should use
a specific directory to get the Razor, DCC, etc, config files.  It's the
same idea as the default setting, except it's a different location.
This is useful if the admin wants to have a central configuration for SA,
Razor, and DCC.

If you specify "-H" with no parameter, spamd will dynamically switch to
the spamd user's home directory.  This solves the permissions problem, but
may not work in all configurations.  The default takes the conservative
approach since $HOME from the user running spamd is almost guaranteed
to exist.



Hopefully this answers the question.  I personally use "-H" since all
of my users have their home directory accessible from my mail server.
No more permission problems. :)

--=20
Randomly Generated Tagline:
"You must lash out with every limb, like the octopus who plays drums."
         - The Sphinx in Mystery Men

--ChQOR20MqfxkMJg9
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9d/dDAuOQUeWAs2MRAogXAKD4z7YZXToosFzA1RMTnR6knjyMogCgi7DY
bH4z/Wn/H6PFGb2MnT9i+uY=
=rHje
-----END PGP SIGNATURE-----

--ChQOR20MqfxkMJg9--


-------------------------------------------------------
This sf.net email is sponsored by: OSDN - Tired of that same old
cell phone?  Get a new here for FREE!
https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
_______________________________________________
Spamassassin-talk mailing list
<EMAIL: PROTECTED>
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk