From jason.melancon at verizon.net Sun Jan 1 20:04:26 2006 From: jason.melancon at verizon.net (Jason Melancon) Date: Sun, 01 Jan 2006 14:04:26 -0500 Subject: [spambayes-dev] [Feature request] Reclassify Cache option in web interface Message-ID: <5.2.1.1.2.20060101135517.01840738@incoming.verizon.net> I've just installed the SpamBayes POP3 service with Eudora 5.2 and I'm attempting to use Skip's Recursive Training Set Selection Algorithm to ramp up its effectiveness. I've trained on about 14 messages now, and I think it's time to reclassify some messages. That's why I think a handy tool in the web interface would be a "reclassify all" button on the cache review page. That would allow me to test the current training and start the next iteration by correcting the classifier's biggest mistakes. -- Jason Melancon From tameyer at ihug.co.nz Mon Jan 2 23:58:35 2006 From: tameyer at ihug.co.nz (Tony Meyer) Date: Tue, 3 Jan 2006 11:58:35 +1300 Subject: [spambayes-dev] [Feature request] Reclassify Cache option in web interface In-Reply-To: <5.2.1.1.2.20060101135517.01840738@incoming.verizon.net> References: <5.2.1.1.2.20060101135517.01840738@incoming.verizon.net> Message-ID: <81ABBCDA-44A1-43D0-A068-C62548F966F4@ihug.co.nz> > I've just installed the SpamBayes POP3 service with Eudora 5.2 and > I'm attempting to use Skip's Recursive Training Set Selection > Algorithm to ramp up its effectiveness. I've trained on about 14 > messages now, and I think it's time to reclassify some messages. > That's why I think a handy tool in the web interface would be a > "reclassify all" button on the cache review page. That would allow me > to test the current training and start the next iteration by > correcting the classifier's biggest mistakes. The best place for suggestions/feature requests is the sourceforge page (they are called "RFE"s there): . Suggestions on the list are likely to be lost, whereas opening a tracker on sourceforge ensures that it stays around until it's either done or a decision is made not to do it. FWIW, this seems like a reasonable request to me, and one that wouldn't be overly difficult to implement. =Tony.Meyer From RiverWar at Comcast.Net Sat Jan 7 01:00:19 2006 From: RiverWar at Comcast.Net (Dudley Janeway) Date: Fri, 6 Jan 2006 16:00:19 -0800 Subject: [spambayes-dev] 500 server error Message-ID: <001001c6131d$597cac80$3a46bd43@dimension4550> i've been using spambayes for about the last six months or so, without a problem, until recently when the "500 Server error" page came up. this page shows up every now and then when I click on "review messages" at the top of the error report it says: 500 Server error Traceback (most recent call last): File "spambayes\Dibbler.pyc", line 470, in found_terminator File "spambayes\ProxyUI.pyc", line 396, in onReview File "spambayes\Corpus.pyc", line 214, in takeMessage File "spambayes\FileCorpus.pyc", line 140, in addMessage File "spambayes\Corpus.pyc", line 134, in addMessage File "spambayes\storage.pyc", line 617, in onAddMessage File "spambayes\storage.pyc", line 627, in train File "spambayes\message.pyc", line 263, in setId File "spambayes\message.pyc", line 119, in _getState File "shelve.pyc", line 118, in __getitem__ File "bsddb\__init__.pyc", line 116, in __getitem__ DBRunRecoveryError: (-30982, 'DB_RUNRECOVERY: Fatal error, run database recovery -- fatal region error detected; run recovery') also, i notice that since this error report started showing up, spambayes was notlisting all of my new emails, only one or two when there are five or six.any ideas? i've uninstalled spambayes, cleaned out the registry,ran spyware/adaware/anti-virus scan, no negative results, and reinstalled spambayes,some error report shows up.thanxzJaneway -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.python.org/pipermail/spambayes-dev/attachments/20060106/988df5c3/attachment.htm From tameyer at ihug.co.nz Sat Jan 7 01:10:51 2006 From: tameyer at ihug.co.nz (Tony Meyer) Date: Sat, 7 Jan 2006 13:10:51 +1300 Subject: [spambayes-dev] 500 server error In-Reply-To: <001001c6131d$597cac80$3a46bd43@dimension4550> References: <001001c6131d$597cac80$3a46bd43@dimension4550> Message-ID: > 'DB_RUNRECOVERY: Fatal error, run database recovery -- fatal region > error detected; run recovery Your messageinfo database has become corrupted. You need start with a fresh database. The configuration page has the full path to the database, but it's probably 'C:\Documents and Settings\{username} \Application Data\SpamBayes\Proxy\spambayes.messageinfo.db'. The training database (hammie.db) is probably fine, but if the error (or a similar one) continues after you delete that file, you should also delete hammie.db. =Tony.Meyer -- Please always include the list (spambayes at python.org) in your replies (reply-all), and please don't send me personal mail about SpamBayes. http://www.massey.ac.nz/~tameyer/writing/reply_all.html explains this. From etonkin at free.fr Mon Jan 9 23:15:56 2006 From: etonkin at free.fr (etonkin at free.fr) Date: Mon, 09 Jan 2006 23:15:56 +0100 Subject: [spambayes-dev] Expunge, IMAP and the inbox Message-ID: <1136844956.43c2e09c56c7a@imp4-g19.free.fr> Hello all, First of all, thanks for spending so much time on this software - my sense of humour has improved noticeably since the spam went away. There's one feature of the expunge functionality (-e y) with sb_imapfilter.py which I ended up altering, due to the fact that Thunderbird doesn't seem to handle the \Deleted flag very well (on my ISP's setup, at least) - as checked ham remains in my inbox, I get one to two \Deleted copies of each ham mail, which Thunderbird then refuses to expunge or hide. So I set -e y, and found \Deleted mail was correctly expunged from all folders apart from inbox. In function logout, the spam_folder, unsure_folder, ham and spam train folders are all expunged. But the expunge operation doesn't ever seem to be run on the inbox... so I added a couple of lines to complete this operation. def logout(self): # sign off if self.do_expunge: # we may never have logged in, in which case we do nothing if self.logged_in: # expunge messages from inbox self.select('inbox') self.expunge() # expunge messages from the spam and unsure folders for fol in ["spam_folder", "unsure_folder",]: self.select(options["imap", fol]) self.expunge() # expunge messages from the ham and spam training folders for fol_list in ["ham_train_folders", "spam_train_folders",]: for fol in options["imap", fol_list]: self.select(fol) self.expunge() Cheers, Em From simon.ebrandz at hotmail.com Tue Jan 17 13:59:14 2006 From: simon.ebrandz at hotmail.com (simon.ebrandz at hotmail.com) Date: Tue, 17 Jan 2006 18:29:14 +0530 Subject: [spambayes-dev] Your Link Has Been Uploaded Message-ID: Dear Webmaster, My name is simon and I just wanted to let you know that we have already placed a link to your site on the following webpage: http://www.thewatersite.com/resources/cooling-water-treatment.htm Your link Details Are As Follows:

Water Cooler - Plumbed in pure chilled filtered water coolers and fountains.

I humbly request you to link back to us with the following details: Title: Reverse Osmosis Water Filters Desc: Leading Providers of reverse osmosis Water Filters, Purifiers, Softeners, Distillers and Other Water Treatment Equipments. Url: http://www.thewatersite.com/ Or Below is our link code:

Reverse Osmosis Water Filters - Leading Providers of reverse osmosis Water Filters, Purifiers, Softeners, Distillers and Other Water Treatment Equipments.

If you wish to have your details changed, we would be interested in modification as per you requirements. Once you add our link, your link details will be permanent on our site. Thanks. simon.ebrandz at hotmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.python.org/pipermail/spambayes-dev/attachments/20060117/86f3badc/attachment.html From mala4000 at bol.com.br Wed Jan 25 06:43:24 2006 From: mala4000 at bol.com.br (Lidiana Alves) Date: Wed, 25 Jan 2006 02:43:24 -0300 Subject: [spambayes-dev] Modelos prontos de cartas e e-mails comerciais Message-ID: <20060125054441.776AE7827@sankara2.bol.com.br> Modelos prontos de cartas e e-mails comerciais. Visite o site: http://www.gueb.de/cartascomerciais E veja alguns dos modelos abaixo: Procura??o Carta de Recomenda??o Convite para Exposi??o ou Feira AGRADECIMENTOS E CONDOL?NCIAS ? Agradecimento de convite e felicita??es; ? Agradecimento e convite para solenidade; ? Agradecimento de mensagem de p?sames; ? Agradecimento de pedido; ? Agradecimento e boas vindas a cliente novo; ? Agradecimento por mensagem de felicita??o; ? Confraterniza??o; ? Congratula??es; ? Cumprimentos por resultados comerciais; ? Felicita??es pessoais; ? P?sames; http://www.gueb.de/cartascomerciais ? Votos de boas festas Voltar ao topo http://www.gueb.de/cartascomerciais CARTAS DE RECLAMA??O ? Reclama??o de compra de produto; ? Reclama??o por atraso; ? Reclama??o por aumento de pre?o; ? Reclama??o por defici?ncia t?cnica; ? Reclama??o por demora na entrega; ? Reclama??o por diverg?ncia; ? Respostas a reclama??es; Voltar ao topo COMUNICADOS E AVISOS ? Advert?ncia a funcion?rio; ? Aviso de aumento de pre?os; ? Aviso de incorpora??o da empresa; ? Aviso de lan?amento de produto e servi?o; ? Aviso de mudan?a de endere?o; ? Aviso de ocorr?ncia de acidente; ? Aviso de t?rmino de contrato; ? Aviso gen?rico; ? Comunica??o de atraso no envio de mercadorias; ? Comunica??o de devolu??o de duplicata; ? Comunica??o de devolu??o de mercadoria; ? Comunica??o de envio de mercadorias; ? Comunica??o de envio de parte do pedido; ? Comunica??o de extravio de mercadorias; ? Comunica??o de f?rias coletivas; ? Comunica??o de liquida??o de d?bito; ? Comunica??o de novo servi?o de televendas; ? Comunica??o de reuni?o; ? Confirma??o de pedido; ? Resposta ao comunicado de reuni?o; Voltar ao topo http://www.gueb.de/cartascomerciais EMPREGO ? Aviso pr?vio de dispensa de empregado: 1, 2, e 3; ? Carta de recomenda??o; ? Pedido de demiss?o: 1 e 2; ? Solicita??o de emprego: 1, 2 e 3; ? Solicita??o de est?gio; Voltar ao topo ATESTADOS E DECLARA??ES ? Atestado de bons antecedentes; ? Atestado m?dico; ? Declara??o negativa de v?nculo empregat?cio; ? Declara??o para cancelamento de protesto; ? Declara??o para fins escolares; Voltar ao topo * Agradecimentos e condol?ncias * Atestados e Declara??es * Cartas de Cobran?as * Cartas de Reclama??o * Cartas em Ingl?s * Comunicados e Avisos * Convites * Documentos * Emprego * Propostas * Solicita??es e pedidos * Viagem CARTAS DE COBRAN?A ? Cartas de cobran?a: 1, 2, 3, 4, 5, 6, 7 e 8; ? Encaminhamento de cobran?a a protesto; ? Oferecimento de servi?o de cobran?a; ? Recebimento de d?bito pendente; Voltar ao topo CARTAS EM INGL?S ? Cancelamento de pedido; ? Carta de demiss?o; ? Carta de refer?ncia; ? Curriculum vitae; ? Pedido de produto: 1 e 2; ? Reclama??o de assinatura de publica??o; ? Remessa de valores; ? Resposta a pedido de produto; ? Resposta a solicita??o de emprego; ? Resposta a solicita??o de informa??es; ? Resposta a solicita??o de pre?os; ? Solicita??o de emprego; ? Solicita??o de informa??es comerciais; ? Solicita??o de licen?a; ? Solicita??o de pre?os; Voltar ao topo CONVITES http://www.gueb.de/cartascomerciais ? Convite para batizado; ? Convite para evento social; ? Convite para exposi??o ou feira; ? Convite para lan?amento de produto; ? Resposta negativa a convite; ? Resposta positiva a convite; Voltar ao topo DOCUMENTOS ? Ata; ? Contrato de loca??o de im?vel; ? Contrato firmado acordo; ? Contrato social; ? Edital de convoca??o; ? Procura??o; ? Recibo de venda de autom?vel; Voltar ao topo PROPOSTAS ? Proposta de abertura de conta corrente; ? Proposta de presta??o de servi?os: 1 e 2; ? Proposta de representa??o comercial: 1 e 2; ? Proposta para ocupa??o de cargo; ? Proposta para recupera??o de clientes; ? Resposta negativa ? proposta de representa??o: 1 e 2; ? Resposta positiva ? proposta de representa??o: 1 e 2; Voltar ao topo http://www.gueb.de/cartascomerciais SOLICITA??E E PEDIDOS ? Pedido de desculpas; ? Pedido de mercadorias; ? Resposta a pedido de carta de apresenta??o; ? Resposta a solicita??o de c?pias de documentos; ? Resposta a solicita??o de or?amento; ? Resposta negativa a solicita??o de informa??es comerciais; ? Resposta positiva a solicita??o de informa??es comerciais; ? Solicita??o de atestado de Idoneidade Financeira; ? Solicita??o de cat?logos de pre?os; ? Solicita??o de cr?dito; ? Solicita??o de informa??es comerciais; ? Solicita??o de informa??es sobre curso; ? Solicita??o de listas de pre?os; ? Solicita??es de refer?ncias pessoais; ? Suspens?o de pedido de mercadoria; Voltar ao topo VIAGEM ? Informa??es sobre requisitos de viagem; ? Pedido de reserva em hotel; ? Recupera??o de bagagem extraviada; ? Reclama??o de maus tratos ? bagagem; ? Recupera??o de objeto esquecido em hotel; ? Reserva de passagens; ? Roteiro tur?stico. http://www.gueb.de/cartascomerciais From george.barnes at exemail.com.au Wed Jan 25 23:27:57 2006 From: george.barnes at exemail.com.au (George Barnes) Date: Thu, 26 Jan 2006 09:27:57 +1100 Subject: [spambayes-dev] SpamBayes and Outlook 2003 Message-ID: <20060125223454.166591E4002@bag.python.org> Do I have to turn off Norton Antispam? I can't get SpamBayes to remember my selection of a file containing "Ham" and a file containing "Spam" *I think I am unsure of the correct training procedure. George Barnes george.barnes at exemail.com.au -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.python.org/pipermail/spambayes-dev/attachments/20060126/1a218109/attachment.html From rgheck at comcast.net Mon Jan 30 00:03:00 2006 From: rgheck at comcast.net (Richard Heck) Date: Sun, 29 Jan 2006 18:03:00 -0500 Subject: [spambayes-dev] Running sb_server.py from init under Linux Message-ID: <43DD49A4.2020709@comcast.net> In response to some questions raised on another list, I've been fiddling with the initscript provided on the website for sb_server.py. (I'm doing so under Fedora.) Two questions have arisen. (1) Is there any reason that sb_server.py needs to run as root? If not, then it would be very good to run as an unprivileged user. Obviously, one does not want to think about a malformed email that confuses spambayes and allows the execution of arbitrary code running in a root shell. It's easy enough to modify the initscripts so that sb_server.py runs as an unprivileged user, but it would be more secure if sb_server.py lowered its own privilege level. Running it as e.g. user spambayes from init requries that this user have access to a shell, whereas by lowering privilege from within sb_server.py you can run as a user who has no shell access. (FYI: The initscript for the Cyrus IMAP daemon seems to use the init method.) (2) The initscripts call daemon(), which is a function defined in the init function library and which does various other things but basically just starts whatever program it's told to run. In particular, although called "daemon", this function does NOT daemonize that program. As a result, when the initscript runs daemon /usr/local/bin/sb_server.py & daemon() blocks, waiting for sb_server.py to finish, although of course the initscript itself continues, since daemon() is running in the background. As a result, the usual "OK" signal does not get printed, and we're left with extra processes hanging around: 1083 pts/1 S 0:00 /bin/sh /etc/init.d/spambayes start 1085 pts/1 S 0:00 initlog -q -c runuser -s /bin/bash - spambayes -c "/usr/bin/sb_server.py" 1086 pts/1 S 0:00 runuser -s /bin/bash - spambayes -c /usr/bin/sb_server.py 1087 pts/1 S 0:00 /usr/bin/python /usr/bin/sb_server.py This can be resolved by running instead daemon "/usr/local/bin/sb_server.py&" Now daemon() calls "/usr/local/bin/sb_server.py&" and puts the job into the background. But this is a very ugly hack, or so it seems to me, and it could cause other problems, because it now looks to daemon() as if it's been asked to run a program called "sb_server.py&". I think one can work around that by instead running daemon --check=sb_server.py "/usr/local/bin/sb_server.py&" but this is getting messy. None of this is needed with other servers started via init, like httpd, because they daemonize themselves. Is it worth considering having sb_server.py do that, too? Best, Richard From tameyer at ihug.co.nz Tue Jan 31 00:23:30 2006 From: tameyer at ihug.co.nz (Tony Meyer) Date: Tue, 31 Jan 2006 12:23:30 +1300 Subject: [spambayes-dev] Running sb_server.py from init under Linux In-Reply-To: <43DE3EF4.5090501@bobjweil.com> References: <43DD49A4.2020709@comcast.net> <43DE3EF4.5090501@bobjweil.com> Message-ID: <101B1B1F-EDAD-4106-812F-1F2F9C9928B2@ihug.co.nz> [Richard Heck] > the suggestion was that sb_server.py should handle these things > itself (as most system daemons do), that is, lower its own > privileges if it discovers that it is running as root I'm -1 on this, personally. IMO it's up to whoever runs sb_server.py (or any of the other SpamBayes scripts) to decide what user should run it. What if a user wants to run it as root? What do we do on Windows? > and then daemonize itself by forking and dissociating itself from > the originating process. It sounds like what you actually want is a sb_daemon.py script that lowers privileges and launches sb_server.py (something like the pop3proxy_tray.py and pop3proxy_service.py scripts for Windows). Not everyone wants sb_server to run as a daemon. =Tony.Meyer From rgheck at comcast.net Tue Jan 31 05:01:45 2006 From: rgheck at comcast.net (Richard Heck) Date: Mon, 30 Jan 2006 23:01:45 -0500 Subject: [spambayes-dev] Running sb_server.py from init under Linux In-Reply-To: <101B1B1F-EDAD-4106-812F-1F2F9C9928B2@ihug.co.nz> References: <43DD49A4.2020709@comcast.net> <43DE3EF4.5090501@bobjweil.com> <101B1B1F-EDAD-4106-812F-1F2F9C9928B2@ihug.co.nz> Message-ID: <43DEE129.6090803@comcast.net> Tony Meyer wrote: > [Richard Heck] > >> the suggestion was that sb_server.py should handle these things >> itself (as most system daemons do), that is, lower its own >> privileges if it discovers that it is running as root > > I'm -1 on this, personally. IMO it's up to whoever runs sb_server.py > (or any of the other SpamBayes scripts) to decide what user should > run it. What if a user wants to run it as root? No one who knew what they were doing would want to run it as root. It's a fundamental principle of Linux security that processes run with the minimum privilege level necessary to do their job, hence my earlier question whether it needed to be root. If someone wants to violate that principle, well, that is very silly. But if one wanted to allow it, then a command-line option would do so. There is the issue about ports below 1024, but that may not be terribly hard to address, at least in an indirect kind of way. > What do we do on Windows? The code can check the platform and skip forking. Indeed, try: import posix #Go for it except ImportError: pass ought to be enough, since where posix is present (even on Macs), the rest will work. >> and then daemonize itself by forking and dissociating itself from >> the originating process. > > It sounds like what you actually want is a sb_daemon.py script that > lowers privileges and launches sb_server.py (something like the > pop3proxy_tray.py and pop3proxy_service.py scripts for Windows). Not > everyone wants sb_server to run as a daemon. Perhaps not, but that could also be addressed with a command-line option. And if it's being started as root, then one will presumably be running it as a daemon. That too can be checked with os.getuid(). When I get a little time (a free afternoon, say), I'll have a more serious look at this issue and let you know what happens. In the meantime, I'll send a more secure initscript in the next couple days. Richard From tameyer at ihug.co.nz Tue Jan 31 06:59:23 2006 From: tameyer at ihug.co.nz (Tony Meyer) Date: Tue, 31 Jan 2006 18:59:23 +1300 Subject: [spambayes-dev] Running sb_server.py from init under Linux In-Reply-To: <43DEE129.6090803@comcast.net> References: <43DD49A4.2020709@comcast.net> <43DE3EF4.5090501@bobjweil.com> <101B1B1F-EDAD-4106-812F-1F2F9C9928B2@ihug.co.nz> <43DEE129.6090803@comcast.net> Message-ID: > No one who knew what they were doing would want to run it as root. It's not my business to assume that I know better than they. If they have the ability to run something as root, then they should be able to do so. People who don't know what they are doing shouldn't use root at all. > It's a fundamental principle of Linux security that processes run > with the > minimum privilege level necessary to do their job, hence my earlier > question whether it needed to be root. Another Linux fundamental is that the user has control over what happens. I believe the user should decide 'who' runs sb_server, not the script itself (i.e. the developers). If running sb_server.py actually required running as root, then I agree that would be a problem. It does not, however. >> What do we do on Windows? > > The code can check the platform and skip forking. Indeed, > > try: > import posix > #Go for it > except ImportError: > pass > > ought to be enough, since where posix is present (even on Macs), the > rest will work. But this means that sb_server starts behaving differently on different platforms. I'm -1 on anything that does that. What's wrong with having a separate script that does what you want (like the Windows ones), leaving sb_server properly cross-platform[1]? [This is also not a good way to test, since posix is not meant to be imported directly. Checking hasattr(os, "fork") would be much better.] >> Not everyone wants sb_server to run as a daemon. > > Perhaps not, but that could also be addressed with a command-line > option. I don't see the advantage of adding a command-line option (or several) over simply having a separate script. If I run sb_server.py in a console (which is the main way I run it), I do not want it to run as a daemon, and I don't want to have to specify an additional command-line option just to help people who aren't using sb_server properly. > And if it's being started as root, then one will presumably be > running it as a daemon. That too can be checked with os.getuid(). Explicit is better than implicit. Magically changing what happens depending on what user is running the script is not explicit. > In the meantime, I'll send a more secure initscript in the next > couple days. Note that the best place to put it is on sourceforge (http://sf.net/ projects/spambayes) as things are easily lost on the mailing lists. =Tony.Meyer [1] There is the open_platform_mutex code in sb_server. However, while there is only a Windows version there at the moment, adding versions for other platforms, if they were wanted, would be simple. From dave at boost-consulting.com Tue Jan 31 15:26:21 2006 From: dave at boost-consulting.com (David Abrahams) Date: Tue, 31 Jan 2006 09:26:21 -0500 Subject: [spambayes-dev] sb_imapfilter: bad FETCH response Message-ID: <87wtgg4goi.fsf@boost-consulting.com> FYI, with the CVS HEAD as of 18 January: Loading state from /usr/home/dave/hammie.new.db database /usr/home/dave/hammie.new.db is a new database Loading database /usr/home/dave/hammie.new.db... Done. Account: www.stlport.com:993 Training Training ham folder HamBox Traceback (most recent call last): File "/usr/home/dave/src/spambayes/scripts/sb_imapfilter.py", line 1283, in ? run() File "/usr/home/dave/src/spambayes/scripts/sb_imapfilter.py", line 1261, in run imap_filter.Train() File "/usr/home/dave/src/spambayes/scripts/sb_imapfilter.py", line 1004, in Train num_trained = folder.Train(self.classifier, is_spam) File "/usr/home/dave/src/spambayes/scripts/sb_imapfilter.py", line 888, in Train for msg in self: File "/usr/home/dave/src/spambayes/scripts/sb_imapfilter.py", line 799, in __iter__ yield self[key] File "/usr/home/dave/src/spambayes/scripts/sb_imapfilter.py", line 831, in __getitem__ data = self.imap_server.extract_fetch_data(response_data) File "/usr/home/dave/src/spambayes/scripts/sb_imapfilter.py", line 455, in extract_fetch_data msg_data = self._extract_fetch_data(msg) File "/usr/home/dave/src/spambayes/scripts/sb_imapfilter.py", line 428, in _extract_fetch_data raise BadIMAPResponseError("FETCH response", response) __main__.BadIMAPResponseError: The command 'FETCH response' failed to give an OK response. (' UID 1967)',) Rolling back to the last released version of spambayes makes this problem go away. -- Dave Abrahams Boost Consulting www.boost-consulting.com From rgheck at bobjweil.com Tue Jan 31 17:05:34 2006 From: rgheck at bobjweil.com (Richard Heck) Date: Tue, 31 Jan 2006 11:05:34 -0500 Subject: [spambayes-dev] Running sb_server.py from init under Linux In-Reply-To: References: <43DD49A4.2020709@comcast.net> <43DE3EF4.5090501@bobjweil.com> <101B1B1F-EDAD-4106-812F-1F2F9C9928B2@ihug.co.nz> <43DEE129.6090803@comcast.net> Message-ID: <43DF8ACE.8040002@bobjweil.com> Tony Meyer wrote: >> It's a fundamental principle of Linux security that processes run >> with the >> minimum privilege level necessary to do their job, hence my earlier >> question whether it needed to be root. > > Another Linux fundamental is that the user has control over what > happens. I believe the user should decide 'who' runs sb_server, not > the script itself (i.e. the developers). If running sb_server.py > actually required running as root, then I agree that would be a > problem. It does not, however. Well, obviously there's a disagreement there. Butt none of the standard Unix services run as root by default unless there is some reason they have to do so, and that's for a reason. Apache, for example, will run as root if you ask, but the default configuration doesn't run it as root, and surely no-one would ever want to run it that way. In any event, if one were going to address this generally, the right place to do so is perhaps in configuration. >>> What do we do on Windows? [etc] >> > But this means that sb_server starts behaving differently on different > platforms. I'm -1 on anything that does that. What's wrong with having > a separate script that does what you want (like the Windows ones), > leaving sb_server properly cross-platform[1]? That doesn't seem non-cross-platform to me. It just seems like taking advantage of a facility that is available on *nix and not available on Windows. It's possible that the second-script option could be made to work, for the more limited idea. That script could perhaps simply lower its privileges and fork a new process that would then pass control to sb_server. I'll look into that. But I don't see how one would get finer-grained control that way: E.g., running the process that binds ports as root, but running the web interface and proxy as an unprivileged user. By the way, the purpose of the mutex code seems to be to keep sb_server from starting multiple instances (or is that not its purpose? I don't do Windows). Anyway, if that is it's purpose, then it may not need replication on Linux, anyway. At least when I start sb_server from an initscript, it won't start multiple instances. I'm not sure why not. Cheers, Richard -- ================================================================== Richard G Heck, Jr Professor of Philosophy Brown University http://bobjweil.com/heck/ ================================================================== Get my public key from http://sks.keyserver.penguin.de Hash: 0x1DE91F1E66FFBDEC Learn how to sign your email using Thunderbird and GnuPG at: http://dudu.dyn.2-h.org/nist/gpg-enigmail-howto