Bug 7637 - spamd should accept --username=root
Summary: spamd should accept --username=root
Status: NEW
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: spamc/spamd (show other bugs)
Version: unspecified
Hardware: PC Linux
: P2 enhancement
Target Milestone: Undefined
Assignee: SpamAssassin Developer Mailing List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-10-01 12:24 UTC by Torsten Bronger
Modified: 2018-10-01 12:24 UTC (History)
0 users



Attachment Type Modified Status Actions Submitter/CLA Status

Note You need to log in before you can comment on or make changes to this bug.
Description Torsten Bronger 2018-10-01 12:24:45 UTC
In the container world, it is a PITA to be forced to run services as non-root.  "root" in a container does not have any special permissions outside the container, so the only security concern is to be careful which directories to mount into the container – which is true whether the container has a root process or not.

For SpamAssassin, I run one container with spamd and another with sa-learn/sa-update.  With root being precluded for spamd (not for sa-learn, by the way), you have to keep the UID/GID synchronised between the images.  Moreover, you have to add the user to the images in the first place.  Both would be unnecessary with root.

Besides, giving "--username root" cannot happen accidentally, and “nobody” would remain the default.

Thus, I request to allow "--username root" for spamd.