Bug 7637

Summary: spamd should accept --username=root
Product: Spamassassin Reporter: Torsten Bronger <bronger>
Component: spamc/spamdAssignee: SpamAssassin Developer Mailing List <dev>
Status: NEW ---    
Severity: enhancement    
Priority: P2    
Version: unspecified   
Target Milestone: Undefined   
Hardware: PC   
OS: Linux   

Description Torsten Bronger 2018-10-01 12:24:45 UTC
In the container world, it is a PITA to be forced to run services as non-root.  "root" in a container does not have any special permissions outside the container, so the only security concern is to be careful which directories to mount into the container – which is true whether the container has a root process or not.

For SpamAssassin, I run one container with spamd and another with sa-learn/sa-update.  With root being precluded for spamd (not for sa-learn, by the way), you have to keep the UID/GID synchronised between the images.  Moreover, you have to add the user to the images in the first place.  Both would be unnecessary with root.

Besides, giving "--username root" cannot happen accidentally, and “nobody” would remain the default.

Thus, I request to allow "--username root" for spamd.