
List:       spambayes
Subject:    [Spambayes] [spambayes-dev] Running sb_server.py from init
From:       rgheck () bobjweil ! com (Richard Heck)
Date:       2006-01-30 16:29:40
Message-ID: 43DE3EF4.5090501 () bobjweil ! com

Tony Meyer wrote:

> [Richard Heck]
>
>> (1) Is there any reason that sb_server.py needs to run as root?
>
> No, just make sure you're using ports accessible to the user, that the 
> scripts (and Python) are executable by the user, and that the 
> databases are both read & writable by the user. Why do you think it 
> needs to be run as root?

I didn't see any reason but thought I should ask and make sure. You 
know, when you ASS-U-ME....

>> (2) The initscripts call daemon(), [...] Is it worth considering 
>> having sb_server.py [lower its privileges], too?
>
> I presume you're referring to the script on 
> http://spambayes.org/unix.html contributed by Dave Handley. If you'd 
> like to submit your own script, we'd be happy to put that up with the 
> others.

Yes, I'll send one along that I've now got working properly. But the 
suggestion was that sb_server.py should handle these things itself (as 
most system daemons do), that is, lower its own privileges if it 
discovers that it is running as root and then daemonize itself by 
forking and dissociating itself from the originating process. Indeed, a 
more careful treatment might set up the listening ports before the 
lowering of privileges (which would require a restart when they 
changed), or lower the privileges of every process except the one that 
sets up the listening ports, so that the proxy could run as an 
unprivileged user AND bind ports below 1024.

It was in that neighborhood that I meant to be making a suggestion, 
which is why I sent it to the spambayes-dev list. I could probably make 
the changes necessary for the simpler version. It'd take more 
sophistication than I have, I think, to make the latter work.

Richard
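
The startup order suggested in the message above (set up the listening ports while still root, lower privileges, then fork and dissociate from the originating process), as an added Python example that is not part of the original message and is not SpamBayes code. All function names and the `osmod` parameter (a hook for substituting the `os` module in tests) are assumptions made for illustration.

```python
# Added example; names are illustrative, not SpamBayes code.
import os
import pwd
import socket

def bind_listeners(addrs):
    """Bind every (host, port) while still privileged; ports < 1024 need root."""
    socks = []
    for host, port in addrs:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind((host, port))
        s.listen(5)
        socks.append(s)
    return socks

def drop_privileges(uid, gid, osmod=os):
    """Permanently switch to uid/gid. Returns False if we were not root."""
    if osmod.geteuid() != 0:
        return False              # already unprivileged, nothing to drop
    osmod.setgroups([])           # shed root's supplementary groups first
    osmod.setgid(gid)             # group before user: setgid needs root
    osmod.setuid(uid)             # as root this sets real, effective, saved uid
    try:
        osmod.setuid(0)           # must fail if the drop was permanent
    except OSError:
        return True
    raise RuntimeError("privileges can still be regained")

def daemonize():
    """Classic double fork: detach from the parent and the controlling tty."""
    if os.fork() > 0:
        os._exit(0)
    os.setsid()                   # new session, no controlling terminal
    if os.fork() > 0:
        os._exit(0)               # session leader exits; child cannot get a tty
    os.chdir("/")
    os.umask(0o077)
    devnull = os.open(os.devnull, os.O_RDWR)
    for fd in (0, 1, 2):
        os.dup2(devnull, fd)

def start(addrs, user):
    """Order matters: bind as root, then drop, then detach."""
    socks = bind_listeners(addrs)
    pw = pwd.getpwnam(user)
    drop_privileges(pw.pw_uid, pw.pw_gid)
    daemonize()
    return socks
```

As the message notes, a port change then requires a restart, because the running process can no longer bind below 1024.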

