bayes_journal - Bad permissions

Glenn Steen glenn.steen at gmail.com
Wed Nov 29 09:25:46 GMT 2006


On 29/11/06, Martin <martin.lyberg at gmail.com> wrote:
> Glenn Steen wrote:
>
> > Hej Martin,
>
> Hej Glenn :)

We'll have to be careful with using Swedish here... Otherwise the
"bork-bork-bork" fanatics will start up...:-)

> >
> > (Apart from this being the wrong mailing list:-)... Have you set
> > bayes_file_mode 0770
> > (at least) in either /etc/mail/spamassassin/local.cf or
> > /etc/mail/spamassassin/mailscanner.cf ?
>
> Yes, 0770 is set in /etc/MailScanner/spam.assassin.prefs.conf:
>
> bayes_file_mode 0770
Good.
> > Why do you have them all with s? Effective group is immaterial, since
> > these aren't executable... The only one that might have the effect you
> > want is the "." directory one:-). Do a
> > chmod 0660 *
> > to clear that (no, it doesn't hurt anything either, and don't clear it
> > on the directory:-).
>
> I've changed it to +s yesterday when i read in a thread in this list (or
> in the mailwatch-list) about someone having the same problem.
Hm, let me demonstrate why setgid is a good idea for directories (and
not much else:-):
[root at mail ~]# mkdir a
[root at mail ~]# chown glenn.glenn a
[root at mail ~]# touch a/a
[root at mail ~]# ls -la a
totalt 12
drwxr-xr-x   2 glenn glenn 4096 nov 29 10:18 ./
drwx------  69 root  root  8192 nov 29 10:18 ../
-rw-r--r--   1 root  root     0 nov 29 10:18 a
[root at mail ~]# chmod 2755 a
[root at mail ~]# touch a/b
[root at mail ~]# ls -la a
totalt 12
drwxr-sr-x   2 glenn glenn 4096 nov 29 10:19 ./
drwx------  69 root  root  8192 nov 29 10:18 ../
-rw-r--r--   1 root  root     0 nov 29 10:18 a
-rw-r--r--   1 root  glenn    0 nov 29 10:19 b
[root at mail ~]#
... as you can see, after setting the setgid bit on the directory,
files put into that directory is "forced" to be owned by the
directorys group. This piece of "magic" isn't present in all *nix
systems, so do try it before setting it. Setting the setgid bit has no
real effect on regular files (hence "ls -l" showing it as capital S).
So not really a problem, but not beneficial either.
No such "magic" exist for directories and the setuid bit, so that
shouldn't be set either.

> Anyway, i've changed /var/spool/MailScanner/spamassassin/ back to 0660
> now. As it was before.

I hope you ment that you set the _files_ in
/var/spool/MailScanner/spamassassin/ to 0660, not the directory...
That should be mode 2770, in your case;-).

> > Then check in MailScanner.conf that you have:
> > Incoming Work Permissions = 0660
> > Quarantine Permissions = 0660
> > as well as the
> > Run As User = postfix
> > Run As Group = postfix
> > Quarantine User = postfix
> > Quarantine Group = www-data
>
> There were one difference in my config.
>
> my Incoming Work Permissions was set to 0600, and not 0660. Could this
> been causing the problem? I've changed it now and will see if it helps.

Yes, that seems rather likely.

> > Most important is the bayes_file_mode "mask".
> >

-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se


More information about the MailScanner mailing list