spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ml@smtp.fakessh.eu" ...@smtp.fakessh.eu>
Subject Re: Securing spamd [single (non root) OS user]
Date Fri, 08 Jul 2011 19:03:13 GMT
Le vendredi 8 juillet 2011 19:00, Andrzej Adam Filip a écrit :
> Kārlis Repsons <karlis.repsons@gmail.com> wrote:
> > All,
> > I'd like you to review approximately how I'm running spamd. My concern
> > is security. You can see that the child processes are run by spamd user,
> > but the main process is still run by root:
> >
> > ps -C spamd -o user,cmd
> > USER     CMD
> > root     /usr/sbin/spamd -d -r /var/run/spamd.pid -m 2 -u spamd
> > --nouser-config --helper-home-dir=/sysram/spamassassin --allow-tell spamd
> >    spamd child
> > spamd    spamd child
> >
> > How secure is that (no I didn't make any crazed chroots or so) and what
> > would you suggest to isolate spamd from possible outside intrusions?
> > Thanks...
>
> Do you need spamd changing OS user ids? (e.g. to access ~/.spamassassin/ )
>
> I have used "personal" [single (non root) OS user] spamd without any
> problems.

e.g in my system 
folder .spamassassin is owned by  group users
r13151 ~]# ls -al /home/fakessh/.spamassassin/
total 44
drwx------  2 fakessh users  4096 jui  6 20:31 .
drwxr-xr-x 19 fakessh users  4096 jui  6 01:38 ..
-rw-------  1 fakessh users 12288 jui  6 00:17 auto-whitelist
-rw-------  1 fakessh users 12288 jui  6 00:16 bayes_seen
-rw-------  1 fakessh users 12288 jui  6 20:31 bayes_toks
-rw-------  1 fakessh users  1869 jui  5 23:54 user_prefs

-- 
 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
 gpg --keyserver pgp.mit.edu --recv-key 092164A7

Mime
View raw message