Discussion:
[Assp-user] ASSP user and group
Scott Haneda
2009-02-27 11:06:15 UTC
Permalink
Hello, where are there docs on ASSP's correct user and group settings?

I have made a user assp and a group assp, setting all the downloaded
files to that user and group.

If I run `perl assp.pl` ASSP does not have permission to write to that
directory, so it makes new directories of /spam, /notspam, /errors, /
pb, /quarantine and maybe a few more.

Why does ASSP chose to use / when it can not write the files?

If I `sudo perl assp.pl` the files are made in ASSP/ which is correct,
but of course, they are owned by root, since I was sudo.

Should ASSP run as root at all times? What is the ideal method here?
--
Scott



--
Scott

* If you contact me off list replace talklists@ with scott@ *
bytehd
2009-02-27 15:35:19 UTC
Permalink
I used debian.
fewer services, fewer problems but

It created a nobody user and a nogroup group during install so was easy for
me
adduser and addgroup helps here too

You can login and do all your work as root, just chown everything
nobody:nogroup
and make sure your distro inits perl assp.pl under the nobody user
and/or set the user/group settings in assp.cfg or gui setup to match the
file ownerships

i had this problem too at first install in 2007 were root was writing files
nobody couldnt read.
make sense?



Lists wrote:
>
> Hello, where are there docs on ASSP's correct user and group settings?
>
> I have made a user assp and a group assp, setting all the downloaded
> files to that user and group.
>
> If I run `perl assp.pl` ASSP does not have permission to write to that
> directory, so it makes new directories of /spam, /notspam, /errors, /
> pb, /quarantine and maybe a few more.
>
> Why does ASSP chose to use / when it can not write the files?
>
> If I `sudo perl assp.pl` the files are made in ASSP/ which is correct,
> but of course, they are owned by root, since I was sudo.
>
> Should ASSP run as root at all times? What is the ideal method here?
> --
> Scott
>
>
>
> --
> Scott
>
> * If you contact me off list replace talklists@ with scott@ *
>
>
>
>
>
>
> ------------------------------------------------------------------------------
> Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco,
> CA
> -OSBC tackles the biggest issue in open source: Open Sourcing the
> Enterprise
> -Strategies to boost innovation and cut costs with open source
> participation
> -Receive a $600 discount off the registration fee with the source code:
> SFAD
> http://p.sf.net/sfu/XcvMzF8H
> _______________________________________________
> Assp-user mailing list
> Assp-***@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>

--
View this message in context: http://www.nabble.com/ASSP-user-and-group-tp22243753p22248195.html
Sent from the assp-user mailing list archive at Nabble.com.
Scott Haneda
2009-02-27 21:48:14 UTC
Permalink
On Feb 27, 2009, at 7:36 AM, bytehd wrote:

> I used debian.
> fewer services, fewer problems but
>
> It created a nobody user and a nogroup group during install so was
> easy for
> me
> adduser and addgroup helps here too
>
> You can login and do all your work as root, just chown everything
> nobody:nogroup
> and make sure your distro inits perl assp.pl under the nobody user
> and/or set the user/group settings in assp.cfg or gui setup to match
> the
> file ownerships
>
> i had this problem too at first install in 2007 when root was
> writing files
> nobody couldnt read.
> make sense?


I think so, I had no idea I could set the u/g in assp.cfg, though that
file is not made until first run. Maybe I can edit asp.cfg.defaults
first.
--
Scott

* If you contact me off list replace talklists@ with scott@ *
bytehd
2009-02-27 22:29:37 UTC
Permalink
go to Server Setup
run as UID
run as GID


Lists wrote:
>
> On Feb 27, 2009, at 7:36 AM, bytehd wrote:
>
>> I used debian.
>> fewer services, fewer problems but
>>
>> It created a nobody user and a nogroup group during install so was
>> easy for
>> me
>> adduser and addgroup helps here too
>>
>> You can login and do all your work as root, just chown everything
>> nobody:nogroup
>> and make sure your distro inits perl assp.pl under the nobody user
>> and/or set the user/group settings in assp.cfg or gui setup to match
>> the
>> file ownerships
>>
>> i had this problem too at first install in 2007 when root was
>> writing files
>> nobody couldnt read.
>> make sense?
>
>
> I think so, I had no idea I could set the u/g in assp.cfg, though that
> file is not made until first run. Maybe I can edit asp.cfg.defaults
> first.
> --
> Scott
>
> * If you contact me off list replace talklists@ with scott@ *
>
>
>
>
>
>
> ------------------------------------------------------------------------------
> Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco,
> CA
> -OSBC tackles the biggest issue in open source: Open Sourcing the
> Enterprise
> -Strategies to boost innovation and cut costs with open source
> participation
> -Receive a $600 discount off the registration fee with the source code:
> SFAD
> http://p.sf.net/sfu/XcvMzF8H
> _______________________________________________
> Assp-user mailing list
> Assp-***@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>

--
View this message in context: http://www.nabble.com/ASSP-user-and-group-tp22243753p22255709.html
Sent from the assp-user mailing list archive at Nabble.com.
Scott Haneda
2009-02-28 00:33:03 UTC
Permalink
Does ASSP pull default settings from "assp.cfg.defaults" ? I made
edits to the values:
runAsUser:=
runAsGroup:=

I set them to
runAsUser:=_assp
runAsGroup:=_assp

I had not run ASSP at all yet, figuring that ASSP would use
assp.cfg.defaults as a base. On first run, the new config file was
made, but my new user and group values were not in it.

On Feb 27, 2009, at 7:36 AM, bytehd wrote:

>
> I used debian.
> fewer services, fewer problems but
>
> It created a nobody user and a nogroup group during install so was
> easy for
> me
> adduser and addgroup helps here too
>
> You can login and do all your work as root, just chown everything
> nobody:nogroup
> and make sure your distro inits perl assp.pl under the nobody user
> and/or set the user/group settings in assp.cfg or gui setup to match
> the
> file ownerships
>
> i had this problem too at first install in 2007 when root was
> writing files
> nobody couldnt read.
> make sense?

--
Scott

* If you contact me off list replace talklists@ with scott@ *
bytehd
2009-02-28 00:58:54 UTC
Permalink
working ok?



Lists wrote:
>
> Does ASSP pull default settings from "assp.cfg.defaults" ? I made
> edits to the values:
> runAsUser:=
> runAsGroup:=
>
> I set them to
> runAsUser:=_assp
> runAsGroup:=_assp
>
> I had not run ASSP at all yet, figuring that ASSP would use
> assp.cfg.defaults as a base. On first run, the new config file was
> made, but my new user and group values were not in it.
>
> On Feb 27, 2009, at 7:36 AM, bytehd wrote:
>
>>
>> I used debian.
>> fewer services, fewer problems but
>>
>> It created a nobody user and a nogroup group during install so was
>> easy for
>> me
>> adduser and addgroup helps here too
>>
>> You can login and do all your work as root, just chown everything
>> nobody:nogroup
>> and make sure your distro inits perl assp.pl under the nobody user
>> and/or set the user/group settings in assp.cfg or gui setup to match
>> the
>> file ownerships
>>
>> i had this problem too at first install in 2007 when root was
>> writing files
>> nobody couldnt read.
>> make sense?
>
> --
> Scott
>
> * If you contact me off list replace talklists@ with scott@ *
>
>
>
>
>
>
> ------------------------------------------------------------------------------
> Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco,
> CA
> -OSBC tackles the biggest issue in open source: Open Sourcing the
> Enterprise
> -Strategies to boost innovation and cut costs with open source
> participation
> -Receive a $600 discount off the registration fee with the source code:
> SFAD
> http://p.sf.net/sfu/XcvMzF8H
> _______________________________________________
> Assp-user mailing list
> Assp-***@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>

--
View this message in context: http://www.nabble.com/ASSP-user-and-group-tp22243753p22257292.html
Sent from the assp-user mailing list archive at Nabble.com.
Scott Haneda
2009-02-28 05:17:37 UTC
Permalink
Hello, I want to hash this out here, before I report and waste
anyone's time. What is the procedure for reporting bugs?

1) Set permissions
sudo chown -R _assp:_assp ~/Desktop/ASSP

2) Confirm permissions
-rwxr-xr-x@ 1 _assp _assp 1753 Jun 26 2005 addservice.pl
-rwxrwxr-x@ 1 _assp _assp 13225 Nov 6 23:51 assp.cfg.defaults
-rw-r--r--@ 1 _assp _assp 850312 Dec 10 14:21 assp.pl
drwxr-xr-x@ 5 _assp _assp 170 Oct 10 2007 docs
drwxr-xr-x@ 8 _assp _assp 272 Nov 16 02:06 files
drwxr-xr-x@ 19 _assp _assp 646 Oct 18 10:18 images
drwxr-xr-x@ 2 _assp _assp 68 May 4 2007 logs
-rw-rw---- 1 _assp _assp 16124 Nov 1 04:28 mod_inst.pl
-rwxr-xr-x@ 1 _assp _assp 1416 Jun 26 2005 move2num.pl
drwxrwxrwx@ 7 _assp _assp 238 Nov 1 04:31 notes
drwxr-xr-x@ 6 _assp _assp 204 Jul 2 2007 rc
-rw-r--r--@ 1 _assp _assp 40138 Dec 14 07:37 rebuildspamdb.pl
-rwxr-xr-x@ 1 _assp _assp 924 Mar 2 2007 repair.pl
drwxr-xr-x@ 11 _assp _assp 374 Feb 6 2008 reports
-rwxr-xr-x@ 1 _assp _assp 2556 Oct 10 2007 stat.pl
-rwxr-xr-x@ 1 _assp _assp 5286 Dec 31 2004 stats.sh

3) Edit and make copy of assp.cfg with new user and group
grep '_assp' assp.cfg
runAsUser:=_assp
runAsGroup:=_assp

4) Run ASSP
sudo perl assp.pl

5) Check permissions for all being _assp
ls -la | grep root
-rw-rw-rw- 1 root _assp 13048 Feb 27 20:58 assp.cfg
-rwxr-xr-x@ 1 root _assp 13235 Feb 27 20:56 assp.cfg.bak

I can not seem to keep the config file from being root owned. This
concerns me, especially since the permissions on most of the files are
defaulting to +x. Here is a sample test case that should show what I
think is a danger, but I could be wrong.

I just saved "#!/bin/bash touch ~/assp-made-this-file; exit;" into any
of the input fields in the web admin, it was saved into the cfg file.
At some point, it was rolled into a .bak file, which had execute bits
set.

All that it took was then to ./assp.cfg.bak
Results:
-rw-r--r-- 1 me staff 0 Feb 27 21:01 assp-made-this-file

I do not know too much about this, and have not played with it much to
solve it. Maybe I can just -x all but the assp.pl file, but I do not
know the repercussions of that. Can someone tell me what all the
permissions should be? With that, it would help, but I can not solve
why assp is rooting the config files to begin with.

Thanks, if someone else can test these findings, and confirm, I would
appreciate it.
--
Scott

* If you contact me off list replace talklists@ with scott@ *
Fritz Borgstedt
2009-02-28 06:53:31 UTC
Permalink
Questions and Answers for users of ASSP Anti-Spam SMTP Proxy
<assp-***@lists.sourceforge.net> schreibt:
>Hello, I want to hash this out here, before I report and waste
>anyone's time. What is the procedure for reporting bugs?


What is the bug?
Scott Haneda
2009-02-28 07:08:23 UTC
Permalink
On Feb 27, 2009, at 10:53 PM, Fritz Borgstedt wrote:

> Questions and Answers for users of ASSP Anti-Spam SMTP Proxy
> <assp-***@lists.sourceforge.net> schreibt:
>> Hello, I want to hash this out here, before I report and waste
>> anyone's time. What is the procedure for reporting bugs?
> What is the bug?


Did the rest of my message not come through? There is an archive of
it here, or I can send it again:
http://sourceforge.net/mailarchive/message.php?msg_name=E6B1A656-9072-42AE-A742-5300EE92055C%40newgeo.com

Sort summary, assp.pl seems to escalate the user of cfg files and cfg
bak files to user root. These files seem to also be +x.
--
Scott

* If you contact me off list replace talklists@ with scott@ *
Fritz Borgstedt
2009-02-28 08:02:21 UTC
Permalink
It came through, therefore my question. I did not get it. ASSP
produces on first run its own environment, which has permissions set
after switch user. Look into the assp.pl file line searching for:

switchUsers( $uid, $gid ) if ( $runAsUser || $runAsGroup );
Scott Haneda
2009-02-28 08:21:25 UTC
Permalink
On Feb 28, 2009, at 12:02 AM, Fritz Borgstedt wrote:
> It came through, therefore my question. I did not get it. ASSP
> produces on first run its own environment, which has permissions set
> after switch user. Look into the assp.pl file line searching for:
>
> switchUsers( $uid, $gid ) if ( $runAsUser || $runAsGroup );


I do not understand much perl, so you will need to be a little slow
with me. The basic issue, I have crated user and group _assp, I chown
-R all files in the ASSP directory. After starting assp.pl for the
first time, some files it makes are not user and group _assp. I have
edited the assp.cfg file to set user and group to _assp as well.

It seems the log backup tool is part the issue, in that only the group
is set to _assp, the user is set to the root user for some reason.
Maybe the log backup functions are not using the correct user
settings, or they happen before the switchUsers() has happened, or
perhaps after switchUsers() has finished?
--
Scott

* If you contact me off list replace talklists@ with scott@ *
Fritz Borgstedt
2009-02-28 08:36:21 UTC
Permalink
Questions and Answers for users of ASSP Anti-Spam SMTP Proxy
<assp-***@lists.sourceforge.net> schreibt:
>
>I do not understand much perl,

The part I hinted is written in perl but the commands used are rather
well known without any perl knowledge.

Please use octal numbers. Makes a discussion easier.
Scott Haneda
2009-02-28 09:07:07 UTC
Permalink
On Feb 28, 2009, at 12:36 AM, Fritz Borgstedt wrote:
> Questions and Answers for users of ASSP Anti-Spam SMTP Proxy
> <assp-***@lists.sourceforge.net> schreibt:
>>
>> I do not understand much perl,
>
> The part I hinted is written in perl but the commands used are rather
> well known without any perl knowledge.
>
> Please use octal numbers. Makes a discussion easier.


Use octal numbers for what? My past email was permissions was just a
question as to what permissions you recommend for all ASSP files.

My suspected issue is in regards to users and groups. Why does ASSP
change the user on the config files from the one I set it to, to
something else? I do not see anything in the code that sets the user
and group when the cfg files are rotated, perhaps that is the issue.

Maybe there is someone else on the list who can explain this better
than I am. Sorry if I am not explaining this correct, I do not know
any other way to explain it.

Thank you.
--
Scott

* If you contact me off list replace talklists@ with scott@ *
Scott Haneda
2009-02-28 09:22:16 UTC
Permalink
On Feb 28, 2009, at 12:36 AM, Fritz Borgstedt wrote:

> Questions and Answers for users of ASSP Anti-Spam SMTP Proxy
> <assp-***@lists.sourceforge.net> schreibt:
>>
>> I do not understand much perl,
>
> The part I hinted is written in perl but the commands used are rather
> well known without any perl knowledge.
>
> Please use octal numbers. Makes a discussion easier.


Ok, I may be onto one part, still not able to understand the user/
group issues, but line #3172:
chmod 0775, "$base/assp.cfg";
Why is the octal value 0775?
Specifcially, why is there an execute bit on a config file?

Thanks. I will keep looking over the code for the user and group, but
I am sure I will not be able to discover that, and will need
help.
--
Scott

* If you contact me off list replace talklists@ with scott@ *
Fritz Borgstedt
2009-02-28 09:49:36 UTC
Permalink
Questions and Answers for users of ASSP Anti-Spam SMTP Proxy
<assp-***@lists.sourceforge.net> schreibt:
>Specifcially, why is there an execute bit on a config file?


That was legacy. It did not hurt. Nevertheless in 1.5.1 it is 664.
Scott Haneda
2009-02-28 10:17:33 UTC
Permalink
On Feb 28, 2009, at 1:49 AM, Fritz Borgstedt wrote:

> Questions and Answers for users of ASSP Anti-Spam SMTP Proxy
> <assp-***@lists.sourceforge.net> schreibt:
>> Specifcially, why is there an execute bit on a config file?
>
> That was legacy. It did not hurt. Nevertheless in 1.5.1 it is 664.


Thank you, I will change it in my local source, via a patch in
MacPorts. I noticed there is a packager for deb, rpm and such listed
here http://sourceforge.net/project/memberlist.php?group_id=69172

How can I join the group to be the OS X package maintainer? Do you
recommend that I stop the port on version 1.4.3.1 and move right the
the RC of 1.5 for distribution via MacPorts port manager?
--
Scott

* If you contact me off list replace talklists@ with scott@ *
Fritz Borgstedt
2009-02-28 10:33:05 UTC
Permalink
Questions and Answers for users of ASSP Anti-Spam SMTP Proxy
<assp-***@lists.sourceforge.net> schreibt:
>How can I join the group to be the OS X package maintainer? Do you
>recommend that I stop the port on version 1.4.3.1 and move right the
>the RC of 1.5 for distribution via MacPorts port manager?


I am unsure what an OS X package means. ASSP is developed since 3
years on MacOS.
Scott Haneda
2009-02-28 12:09:34 UTC
Permalink
On Feb 28, 2009, at 2:33 AM, Fritz Borgstedt wrote:
> Questions and Answers for users of ASSP Anti-Spam SMTP Proxy
> <assp-***@lists.sourceforge.net> schreibt:
>> How can I join the group to be the OS X package maintainer? Do you
>> recommend that I stop the port on version 1.4.3.1 and move right the
>> the RC of 1.5 for distribution via MacPorts port manager?
>
> I am unsure what an OS X package means. ASSP is developed since 3
> years on MacOS.


MacPorts is a package manager. I have made a portfile, which
instructs MacPorts to install ASSP, and all the perl modules, plus
ClamAV, as well as all dependencies. It also covers upgrades, and
creating a Launchd item to start ASSP.

This all happens by entering in one command in the terminal.

I also have the portfile remove the windows specific files, and the rc
files, which should not be used on OS X.
--
Scott

* If you contact me off list replace talklists@ with scott@ *
Fritz Borgstedt
2009-02-28 17:52:21 UTC
Permalink
>MacPorts is a package manager. I have made a portfile, which
>instructs MacPorts to install ASSP, and all the perl modules, plus
>ClamAV, as well as all dependencies. It also covers upgrades, and
>creating a Launchd item to start ASSP.

Great, so fine, to have you handle that. Regarding 1.5.1: two weeks
ago I was sure to publish it on March 1th.
Then came an ugly bug (which was found today). So I am shifting the
publish date to March 15.
1.4.3.1 is a solid stable version with one very obvious shortcoming.
The uris to the old wikis are wrong.
Grayhat
2009-02-28 17:47:38 UTC
Permalink
> I am unsure what an OS X package means. ASSP is developed since 3
> years on MacOS.

well... the first version of ASSP I've been running dated back to 2004
or .... something like that :) sure, it was a console only critter and only
had bayes filtering and white/red lists, yet it worked rather well :)
Scott Haneda
2009-02-28 08:25:16 UTC
Permalink
On Feb 28, 2009, at 12:02 AM, Fritz Borgstedt wrote:
> It came through, therefore my question. I did not get it. ASSP
> produces on first run its own environment, which has permissions set
> after switch user. Look into the assp.pl file line searching for:
>
> switchUsers( $uid, $gid ) if ( $runAsUser || $runAsGroup );


Also, what is the recommended chmod settings for all files?
Should -rwxrwxr-x@ 1 haneda staff 13225 Nov 6 23:51
assp.cfg.defaults really have the execute bit set?
--
Scott

* If you contact me off list replace talklists@ with scott@ *
Fritz Borgstedt
2009-02-28 06:30:21 UTC
Permalink
>
Scott Haneda
2009-02-28 06:57:21 UTC
Permalink
On Feb 27, 2009, at 10:30 PM, Fritz Borgstedt wrote:

>>
bytehd
2009-02-27 15:36:03 UTC
Permalink
I used debian.
fewer services, fewer problems but

It created a nobody user and a nogroup group during install so was easy for
me
adduser and addgroup helps here too

You can login and do all your work as root, just chown everything
nobody:nogroup
and make sure your distro inits perl assp.pl under the nobody user
and/or set the user/group settings in assp.cfg or gui setup to match the
file ownerships

i had this problem too at first install in 2007 when root was writing files
nobody couldnt read.
make sense?



Lists wrote:
>
> Hello, where are there docs on ASSP's correct user and group settings?
>
> I have made a user assp and a group assp, setting all the downloaded
> files to that user and group.
>
> If I run `perl assp.pl` ASSP does not have permission to write to that
> directory, so it makes new directories of /spam, /notspam, /errors, /
> pb, /quarantine and maybe a few more.
>
> Why does ASSP chose to use / when it can not write the files?
>
> If I `sudo perl assp.pl` the files are made in ASSP/ which is correct,
> but of course, they are owned by root, since I was sudo.
>
> Should ASSP run as root at all times? What is the ideal method here?
> --
> Scott
>
>
>
> --
> Scott
>
> * If you contact me off list replace talklists@ with scott@ *
>
>
>
>
>
>
> ------------------------------------------------------------------------------
> Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco,
> CA
> -OSBC tackles the biggest issue in open source: Open Sourcing the
> Enterprise
> -Strategies to boost innovation and cut costs with open source
> participation
> -Receive a $600 discount off the registration fee with the source code:
> SFAD
> http://p.sf.net/sfu/XcvMzF8H
> _______________________________________________
> Assp-user mailing list
> Assp-***@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>

--
View this message in context: http://www.nabble.com/ASSP-user-and-group-tp22243753p22248195.html
Sent from the assp-user mailing list archive at Nabble.com.
Loading...