|Summary:||spamd should accept --username=root|
|Product:||Spamassassin||Reporter:||Torsten Bronger <bronger>|
|Component:||spamc/spamd||Assignee:||SpamAssassin Developer Mailing List <dev>|
Description Torsten Bronger 2018-10-01 12:24:45 UTC
In the container world, it is a PITA to be forced to run services as non-root. "root" in a container does not have any special permissions outside the container, so the only security concern is to be careful which directories to mount into the container – which is true whether the container has a root process or not. For SpamAssassin, I run one container with spamd and another with sa-learn/sa-update. With root being precluded for spamd (not for sa-learn, by the way), you have to keep the UID/GID synchronised between the images. Moreover, you have to add the user to the images in the first place. Both would be unnecessary with root. Besides, giving "--username root" cannot happen accidentally, and “nobody” would remain the default. Thus, I request to allow "--username root" for spamd.