spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrzej Adam Filip <andrzej.fi...@gmail.com>
Subject Re: Securing spamd [single (non root) OS user]
Date Fri, 08 Jul 2011 17:00:50 GMT
Kārlis Repsons <karlis.repsons@gmail.com> wrote:
> All,
> I'd like you to review approximately how I'm running spamd. My concern
> is security. You can see that the child processes are run by spamd user,
> but the main process is still run by root:
>
> ps -C spamd -o user,cmd
> USER     CMD
> root     /usr/sbin/spamd -d -r /var/run/spamd.pid -m 2 -u spamd --nouser-config --helper-home-dir=/sysram/spamassassin
--allow-tell
> spamd    spamd child
> spamd    spamd child
>
> How secure is that (no I didn't make any crazed chroots or so) and what
> would you suggest to isolate spamd from possible outside intrusions?
> Thanks...

Do you need spamd changing OS user ids? (e.g. to access ~/.spamassassin/ )

I have used "personal" [single (non root) OS user] spamd without any problems.

-- 
[pl>en: Andrew] Andrzej Adam Filip : anfi@onet.eu
I have made this letter longer than usual because I lack the time to
make it shorter.
  -- Blaise Pascal

Mime
View raw message