Bug 6995 - specify user to fall back for spamd instead of nobody
Summary: specify user to fall back for spamd instead of nobody
Status: RESOLVED FIXED
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: spamc/spamd
Version: unspecified
Hardware: All All
Importance: P2 enhancement
Target Milestone: Future
Assignee: SpamAssassin Developer Mailing List
Reported: 2014-01-25 14:13 UTC by Matus UHLAR - fantomas
Modified: 2022-05-30 12:49 UTC

Attachment Type Modified Status Actions Submitter/CLA Status
adds default username option patch None Matus UHLAR - fantomas [NoCLA]
patch for SA 4 patch None Matus UHLAR - fantomas [NoCLA]

Description Matus UHLAR - fantomas 2014-01-25 14:13:28 UTC
When spamd is provided with a user name that is not found, spamd falls back to hardcoded "nobody".

Since "nobody" has no home directories on many systems (and it's not wise to create it), the admin should be able to choose other user that would be used as default, so he could maintain kind of default options, BAYES database etc.

Please provide option for specifying different user than "nobody" to fall back.
Comment 1 RW 2014-01-25 19:18:46 UTC
Do you mean the unprivileged user in "spamd -u", or the username passed to spamd by spamc?

Either way I don't see why it would be useful, it sounds like an option for something that shouldn't happen in the first place.
Comment 2 Matus UHLAR - fantomas 2014-01-26 18:07:09 UTC
The latter case. I'm using spamass-milter that passes destination username to spamc (in this case, after expansion by sendmail -bv), and the destination user may not exist (e.g. it's alias to remote address).
I do not think that spamass-milter should take care about the username, since it would require new code into it.

I believe there may be other cases where the username does not exist.

While I may agree that this is a situation that should not happen, the fallback is already implemented and 'nobody' is not always a good idea as I mentioned before.
Comment 3 Benny Pedersen 2014-02-04 06:41:02 UTC
if spamd is started as nobody, it can't run as user_prefs settings, so it only root to fallback to

same reason that apache have one single thread that is owned by root in top, and other spawned as apache, even postfix have one master that runs as root, but services is never run as root

all services binding to lowports under 1024 will have to start as root and dropprivs after to be secure

just a reminder to not make this not work here
Comment 4 RW 2014-02-04 12:03:55 UTC
Benny, this has already been clarified. It's the user passed via the spamc-spamd protocol, not the user that spamd starts-up with or permanently drops down to with spamd -u.
Comment 5 Benny Pedersen 2014-02-06 14:18:55 UTC
okay my fault, is this still a spamassassin problem ?

would it not be mainer packagement way to setup spamd as running on non privileged user if only virtual users is needed in spamc ?

http://www.ijs.si/software/amavisd/README.sql-mysql.txt

is spamd/spamc not supporting db based defaults for say nobody ?

just trying to understand why its a bug report here ?

http://www.tnpi.net/wiki/SA_per-user_preferences

i could remember i tried get it to work, but at that time i used amavisd so the spamd/spamc was hard to get working for me
Comment 6 Kevin A. McGrail 2014-02-06 16:26:52 UTC
(In reply to Benny Pedersen from comment #5)
> okay my fault, is this still a spamassassin problem ?

It's a feature request not a problem.  
 
> would it not be mainer packagement way to setup spamd as running on non
> privileged user if only virtual users is needed in spamc ?

That's a good thought.  Make the terms nobody defined at the top of spamd.raw for a maintainer of packages to change rather than add a configuration option.  If a user wanted to change, they could modify spamd.raw (or spamd) and just change the config var in the script. 

Regards,
KAM
Comment 7 Benny Pedersen 2014-02-06 17:48:39 UTC
okay, good, it's just that as a gentoo maintainer i would not change raw files, but provide needed changes in ebuild to go virtual_user or system_user where it can't be enabled both at the same time

don't know how other distros handle it, but this was my thought about it

note: gentoo devs does not change tarballs, unless its really needed, and if it is it will be a patch to show the problem it solves :)
Comment 8 Henrik Krohns 2022-03-06 12:33:15 UTC
No clear direction how to proceed, postponing into future
Comment 9 Matus UHLAR - fantomas 2022-03-29 07:38:12 UTC
Created attachment 5764
adds default username option

I'm attaching a patch that adds -U / --default-user option.
It was made on SA 3.4.6 / Debian 11, thus with debian patches.
I run it on my machine and it works as expected.

Perhaps this option could be used for default LDAP and SQL users too, as they are currently hardcoded to 'nobody' too
Comment 10 Matus UHLAR - fantomas 2022-05-11 09:57:54 UTC
Created attachment 5780
patch for SA 4

I'm adding patch for spamd version 4, adds -U | --default-user option to specify fallback user instead of "nobody"
Comment 11 Benny Pedersen 2022-05-11 11:14:54 UTC
https://packages.gentoo.org/packages/acct-user/spamd
https://packages.gentoo.org/packages/acct-group/spamd
https://packages.gentoo.org/packages/mail-filter/spamassassin
https://bugs.gentoo.org/778734

all this removes user_prefs support, so only virtual_config is now supported, but it makes no need to start spamd as root with imho is great for security

i post this links here in hope other distros do the same at least for security
Comment 12 Matus UHLAR - fantomas 2022-05-11 12:23:36 UTC
I don't use gentoo, but I still use spamass-milter that uses per-user configs.
I used first version of the patch on my machine and it worked properly.
I only recently upgraded to SA4rc1 so I don't have any log examples though.
Comment 13 Matus UHLAR - fantomas 2022-05-11 12:27:09 UTC
this is test with non-existing (aliased) recipient postmaster:

root     28679  0.0  1.9 109756 77904 ?        Ss   12:29   0:03 /usr/bin/perl -T -w /usr/sbin/spamd --max-children 4 --helper-home-dir --default-user=abuse -d --pidfile=/var/run/spamd.pid

May 11 14:24:49 fantomas spamd[28685]: spamd: connection from 127.0.0.1 [127.0.0.1]:57432 to port 783, fd 6
May 11 14:24:49 fantomas spamd[28685]: spamd: handle_user (getpwnam) unable to find user: 'postmaster'
May 11 14:24:49 fantomas spamd[28685]: spamd: still running as root: user not specified with -u, not found, or set to root, falling back to abuse
May 11 14:24:49 fantomas spamd[28685]: spamd: processing message <a4de89a3-0605-ec06-0c1c-9e84291e9736@example.com> for postmaster:126
May 11 14:24:54 fantomas spamd[28685]: spamd: clean message (-1.9/5.0) for postmaster:126 in 5.2 seconds, 1794 bytes.
May 11 14:24:54 fantomas spamd[28685]: spamd: result: . -1 - BAYES_00,SPF_HELO_NONE,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE scantime=5.2,size=1794,user=postmaster,uid=126,required_score=5.0,rhost=127.0.0.1,raddr=127.0.0.1,rport=57432,mid=<a4de89a3-0605-ec06-0c1c-9e84291e9736@example.com>,bayes=0.000000,autolearn=ham autolearn_force=no
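
The log excerpt in comment 13, as an added example that is not part of the bug thread or the SpamAssassin code: a Python log audit that pairs each failed getpwnam lookup with the fallback account and the uid the scan then ran under, so an administrator can see which requested names land on the fallback user. The message formats are taken from the lines above; the function and field names are hypothetical.

```python
import re

# Log lines copied from comment 13 on this page (the long "result:" line is left out).
SAMPLE_LOG = """\
May 11 14:24:49 fantomas spamd[28685]: spamd: connection from 127.0.0.1 [127.0.0.1]:57432 to port 783, fd 6
May 11 14:24:49 fantomas spamd[28685]: spamd: handle_user (getpwnam) unable to find user: 'postmaster'
May 11 14:24:49 fantomas spamd[28685]: spamd: still running as root: user not specified with -u, not found, or set to root, falling back to abuse
May 11 14:24:49 fantomas spamd[28685]: spamd: processing message <a4de89a3-0605-ec06-0c1c-9e84291e9736@example.com> for postmaster:126
May 11 14:24:54 fantomas spamd[28685]: spamd: clean message (-1.9/5.0) for postmaster:126 in 5.2 seconds, 1794 bytes.
"""

PID = re.compile(r"spamd\[(\d+)\]: spamd: (.*)$")
NOT_FOUND = re.compile(r"handle_user \(getpwnam\) unable to find user: '([^']*)'")
FALLBACK = re.compile(r"falling back to (\S+)$")
PROCESSING = re.compile(r"processing message \S+ for ([^:\s]+):(\d+)")


def fallback_events(log_text):
    """Return one dict per scan where spamd could not resolve the requested user."""
    pending = {}  # child pid -> event still waiting for its follow-up lines
    events = []
    for line in log_text.splitlines():
        m = PID.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        if (nf := NOT_FOUND.search(msg)):
            pending[pid] = {"pid": pid, "requested": nf.group(1),
                            "fallback": None, "uid": None}
        elif pid in pending and (fb := FALLBACK.search(msg)):
            pending[pid]["fallback"] = fb.group(1)
        elif pid in pending and (pr := PROCESSING.search(msg)):
            ev = pending.pop(pid)
            # The log keeps the requested name; the uid is what the child switched to.
            if pr.group(1) == ev["requested"]:
                ev["uid"] = int(pr.group(2))
            events.append(ev)
    events.extend(pending.values())  # failed lookup with no scan logged after it
    return events


if __name__ == "__main__":
    for ev in fallback_events(SAMPLE_LOG):
        print(f"pid {ev['pid']}: requested {ev['requested']!r} -> "
              f"fallback {ev['fallback']!r}, uid {ev['uid']}")
```
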
Comment 14 Henrik Krohns 2022-05-30 12:49:44 UTC
No CLA, but committing as trivial, adjusted docs a bit.

Committed revision 1901416.