SA Bugzilla – Bug 4022
spamd respawns not with setuid() to user given with -u
Last modified: 2005-05-10 11:48:13 UTC
spamd started with: -c -d -u cyrus cyrus 22889 65.6 18.9 51740 48676 ?? Ss 6:48PM 0:12.18 /usr/local/bin/spamd -c -d -u cyrus -r /var/run/spamd/spamd. cyrus 22924 0.0 18.9 51740 48672 ?? S 6:48PM 0:00.01 spamd child (perl) cyrus 22923 0.0 18.9 51740 48672 ?? S 6:48PM 0:00.01 spamd child (perl) cyrus 22922 0.0 18.9 51740 48672 ?? S 6:48PM 0:00.01 spamd child (perl) cyrus 22921 0.0 18.9 51740 48672 ?? S 6:48PM 0:00.01 spamd child (perl) looks after processing max connections per child like this (childs running as root instead cyrus): root 99077 0.0 11.7 56356 30136 ?? I 11:45AM 3:56.01 spamd child (perl) root 99076 0.0 17.8 80508 45836 ?? I 11:45AM 2:49.40 spamd child (perl) root 99075 0.0 15.5 55560 39840 ?? I 11:45AM 0:18.12 spamd child (perl) root 99074 0.0 15.4 56240 39636 ?? I 11:45AM 0:19.78 spamd child (perl) cyrus 98999 0.0 5.6 51740 14304 ?? Is 11:45AM 0:12.21 /usr/local/bin/spamd -c -d -u cyrus
Subject: Re: New: spamd respawns not with setuid() to user given with -u On Wed, Dec 08, 2004 at 09:49:55AM -0800, bugzilla-daemon@bugzilla.spamassassin.org wrote: > spamd started with: -c -d -u cyrus > cyrus 22889 65.6 18.9 51740 48676 ?? Ss 6:48PM 0:12.18 > /usr/local/bin/spamd -c -d -u cyrus -r /var/run/spamd/spamd. > > looks after processing max connections per child like this (childs running as > root instead cyrus): > cyrus 98999 0.0 5.6 51740 14304 ?? Is 11:45AM 0:12.21 > /usr/local/bin/spamd -c -d -u cyrus The first issue is that the parent PID has changed, so you're not running the same spamd. They even have different commandline options (no -r on the second one).
Im not as dumb to know that. I tried to submit a simple example, commandline parameters are cut off by terminal window. The next few lines shows you the same parent process (22889) as yesterday I restarted it. I have max. conn. per chield set to 16 to reproduce it faster: root 60146 0.0 11.8 55124 30488 ?? I 6:06AM 0:31.92 spamd child (perl) root 60024 0.0 15.7 61344 40432 ?? I 6:05AM 0:43.93 spamd child (perl) root 60023 0.0 15.6 55740 40144 ?? I 6:05AM 0:48.92 spamd child (perl) root 59993 0.0 18.7 65436 48088 ?? I 6:05AM 0:50.89 spamd child (perl) cyrus 22889 0.0 0.5 51740 1320 ?? Is 6:48PM 0:12.40 /usr/local/bin/spamd -c -d -u cyrus -r /var/run
I think this is similar to bug #3897. See there for a patch.
Yes it sounds similar. But I am running spamd as cyrus and start spamc only and explicit as user cyrus (by postfix) and root never connects to spamd.It's not only a problem of changing back to correct user after processing, because it should run as user invoking spamc.
Correct me if I'm wrong: If you start spamd with "-u user" it will *always* run as "user", regardless of the actual user that comes from spamc. From the manpage: "If this option is not set, the default behaviour is to setuid() to the user running "spamc", if "spamd" is running as root." (Note the magic word "not".) Hence you are forcing spamd to always run as "cyrus", and you observe is that it doesn't setuid to "cyrus" after child re-spawn. This is exactly what bug #3897 is about. Can you please try the patch in that bug?
Michael -- any results from trying the bug 3897 patch?
should be fixed by bug 3897 or bug 3900.