-# Config file for /etc/init.d/spamd
-#
# ***WARNING***
#
-# spamd was not designed to listed to an untrusted network. spamd
-# is vulnerable to DoS attacks (and eternal doom) if used to listen
-# to an untrusted network.
+# The spamd daemon must not run on an untrusted network.
#
# ***WARNING***
-#
# Additional options to pass to the spamd daemon. The spamd(1) man
# page explains the available options. If you choose to listen on a
# asked it to? After this amount of time, if spamd is still running,
# we will assume that it has failed to stop.
SPAMD_TIMEOUT=15
+
+# Do you want to run spamd as root? If you have local users storing their
+# personal configurations (or bayes databases) in ~/.spamassassin, then you
+# may want to run spamd as root so that it can setuid to each user while
+# processing his spam. (That way, you don't have to grant the "spamd" user
+# individual permissions to everyone's ~/.spamassassin directory.)
+#
+# On the other hand, if you don't store any per-user configuration on
+# the filesystem, then you should leave this alone.
+SPAMD_RUN_AS_ROOT=false
groonga:x:965:
systemd-coredump:x:964:
plex:x:963:
+spamd:x:137:
audio:x:18:pulse,frank,heiko,patrick,vivi,doris,robert,steffen,gast
cdrom:x:19:frank,heiko,patrick,vivi,doris,robert,steffen
tape:x:26:root
-video:x:27:root,frank,heiko,patrick,vivi,doris,robert,steffen,gdm,gast
+video:x:27:root,frank,heiko,patrick,vivi,doris,robert,steffen,gdm,gast,plex
cdrw:x:80:
usb:x:85:
users:x:100:
groonga:!::
systemd-coredump:!::
plex:!::
+spamd:!::
audio:::pulse,gast
cdrom:::
tape:::root
-video:::root,gdm,gast
+video:::root,gdm,gast,plex
cdrw:::
usb:::
users:::
#!/sbin/openrc-run
-# Copyright 1999-2016 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-PIDDIR=/run/spamd
-PIDFILE=${PIDDIR}/spamd.pid
+command="/usr/sbin/spamd"
+pidfile="/run/spamd.pid"
+command_args="--pidfile=${pidfile} ${SPAMD_OPTS}"
+command_args_background="--daemonize"
-extra_started_commands="reload"
-
-depend() {
- before mta
- use logger
- use postgresql
- use mysql
-}
-
-start() {
- ebegin "Starting spamd"
+if ! [ "${SPAMD_RUN_AS_ROOT}" = "true" ]; then
+ # Passing --username=root to spamd kills it, so if SPAMD_RUN_AS_ROOT
+ # is true, then we want to pass no user/group command args at all.
+ # Any value other than "true" gets the default user/group of "spamd".
+ command_args="${command_args} --username=spamd --groupname=spamd"
+fi
- # Ensure that the PID file's directory exists.
- checkpath --directory "${PIDDIR}"
+: ${SPAMD_NICELEVEL:=0}
+start_stop_daemon_args="--nicelevel ${SPAMD_NICELEVEL}"
- # Reloading spamd causes its PID to change, so we track it by
- # name instead.
- start-stop-daemon --start --quiet \
- --name spamd \
- --nicelevel ${SPAMD_NICELEVEL} \
- --pidfile ${PIDFILE} \
- --exec /usr/sbin/spamd -- \
- --daemonize \
- --pidfile=${PIDFILE} \
- ${SPAMD_OPTS}
+# Retry after SPAMD_TIMEOUT seconds because spamd can take a
+# while to kill off all of its children. This was bug 322025.
+: ${SPAMD_TIMEOUT:=15}
+retry="${SPAMD_TIMEOUT}"
- retval=$?
-
- eend ${retval} "Failed to start spamd"
-}
+extra_started_commands="reload"
-stop() {
- ebegin "Stopping spamd"
- # Retry after SPAMD_TIMEOUT seconds because spamd can take a
- # while to kill off all of its children. This was bug 322025.
- start-stop-daemon --stop \
- --quiet \
- --retry ${SPAMD_TIMEOUT} \
- --pidfile ${PIDFILE}
- eend $? "Failed to stop spamd"
+depend() {
+ before mta
+ use logger mysql postgres
}
reload() {
ebegin "Reloading configuration"
- # Warning: causes the PID of the spamd process to change.
- start-stop-daemon --signal HUP --quiet --pidfile ${PIDFILE}
+ # Warning: reload causes the PID of the spamd process to
+ # change, but spamd does update its PID file afterwards.
+ start-stop-daemon --signal HUP --pidfile "${pidfile}"
eend $?
}
systemd-coredump:x:135:964:added by portage for systemd:/dev/null:/sbin/nologin
gast:x:1124:100:Gastnutzer:/home/gast:/bin/bash
plex:x:136:963:added by portage for plex-media-server:/var/lib/plexmediaserver:/bin/bash
+spamd:x:137:137:added by portage for spamassassin:/home/spamd:/sbin/nologin
groonga:x:134:965:added by portage for groonga:/dev/null:/sbin/nologin
systemd-coredump:x:135:964:added by portage for systemd:/dev/null:/sbin/nologin
gast:x:1124:100:Gastnutzer:/home/gast:/bin/bash
+plex:x:136:963:added by portage for plex-media-server:/var/lib/plexmediaserver:/bin/bash
systemd-coredump:!:17302::::::
gast:$6$YvNBr9hC$KQPyvJrvdrABSFCxXVMc3sGMeq8dToHzjJuKvzmyQFjYAwmSHcXyuqLy3IxaWeAEsJZxvOXFivkISk2hJ0ucS0:17320:0:99999:7:::
plex:!:17477::::::
+spamd:!:17477::::::
groonga:!:17249::::::
systemd-coredump:!:17302::::::
gast:$6$YvNBr9hC$KQPyvJrvdrABSFCxXVMc3sGMeq8dToHzjJuKvzmyQFjYAwmSHcXyuqLy3IxaWeAEsJZxvOXFivkISk2hJ0ucS0:17320:0:99999:7:::
+plex:!:17477::::::
-# Here you can append some options to spamd process, please
-# double check that you make needed changes in service file if
-# you use options requiring it
-# Some options:
-#
-# -c to create a per user configuration file
-# -H [dir] to switch home dirs for helper apps, dir optional
-
[Service]
-Environment="SPAMD_OPTS= -c -H"
+Environment="SPAMD_OPTS=--username=spamd --groupname=spamd --max-children=5 --create-prefs --helper-home-dir"
projects / config / bruni / etc.git / commitdiff