amavisd-new (net-mail/amavisd-new-20030616_p7 here) creates a user "amavis", with "/var/run/amavis" as its home-dir. This dir is amavisd-new's working-dir. Now when using software that extends amavisd-new, like Maia (http://www.renaissoft.com/maia/) there come up severe problems. Maia writes his stuff into the amavis-homedir, things like learned spamassassin-bayes-databases, razor-stuff, customized templates, and so on, because it runs as user amavis, too. Now _every time_ the machine reboots /var/run is completely wiped out by gentoo linux, meaning that all data like learned bayes-db and so on are completely lost, which really makes it a pain to keep it running. These problems were discussed several times now on the maia-mailinglist. The default-installation-dir of amavisd-new is /var/amavis, as far as I know, maybe the working-dir can be changed to this default-dir?
Reproducible: Always
Steps to Reproduce:
1. emerge amavisd_new
2. install maia (http://www.renaissoft.com/maia/)
3. reboot ;-)
Actual Results: lost all learned data from thousands of mails
Expected Results: shouldn't have lost it ;-)
I'm in total agreement with Stephan, indeed, I've been running amavisd-new in a different home directory for a while now. I would have submitted the change, but I did not realize it was so important. I can reproduce this issue; the /etc/init.d/bootmisc script does clear out /var/run files (but not directories). It does not make sense to have amavisd-new's home directory in /var/run anyway. This ebuild actually creates three directories, /var/run/amavis, /var/spool/amavis, and /var/lib/amavis, and seems to get very confused between them all. I think we need to answer the question, which directory should really be amavisd-new's home directory? Referring to LFS does not really answer the question well, so we must consider all the factors:
- Some users will attempt to chroot amavisd-new. This will require copying tons of binaries and setting up a proper chroot environment in the home directory. This will also require running any helper daemons within this chroot environment as the same user.
- Other users will simply run amavisd-new and all the helper programs/daemons with lesser privileges (user/group amavis). This will require placing pid files and socket files in the amavisd-new home directory (well, maybe not require, but it makes sense).
- Finally, a few users will simply run amavisd-new as root, not requiring much special setup, but losing much security. Amavisd-new does not come configured to run this way by default.
I highly recommend the second method, because it's fairly secure, and it's easily administrated. We can however, tailor the ebuild to do a fairly good job accommodating all these setups. I think a setup in /var/spool/amavis or /var/amavis is best. I am attaching two ebuilds, one with /var/spool/amavis as the home directory and one with /var/amavis as the home directory. The only reason I'm sticking with /var/spool/amavis is because postfix uses /var/spool/postfix and it's a similar app that can be chrooted. In any case, you can now choose.
You'll notice these ebuilds do some other setup to facilitate a nice amavisd-new setup. I did add a dependency on razor, and some razor setup-- you might not want this, but I submit it for your critique.
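As an added example (not part of the original bug thread or of the ebuild): a shell check that lists the accounts in a passwd(5)-format file whose home directory lies at or below /var/run, the situation the report describes. The function names, the VOLATILE_PREFIXES variable and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag accounts whose home directory sits under a path that
# is cleaned at boot. The default prefix list holds only /var/run, the
# directory named in the report; override VOLATILE_PREFIXES to check others.
VOLATILE_PREFIXES="${VOLATILE_PREFIXES:-/var/run}"

# volatile_homes FILE
# Print "user:home" for every passwd(5)-format entry in FILE whose home
# directory is equal to, or below, one of the volatile prefixes.
volatile_homes() {
    passwd_file="$1"
    while IFS=: read -r user _pw _uid _gid _gecos home _shell; do
        # Skip blank lines and comment lines.
        case "$user" in ''|\#*) continue ;; esac
        home="${home%/}"
        for prefix in $VOLATILE_PREFIXES; do
            prefix="${prefix%/}"
            # Match the prefix itself or a real subdirectory of it, so that
            # /var/running/... is not mistaken for /var/run/...
            case "$home" in
                "$prefix"|"$prefix"/*) printf '%s:%s\n' "$user" "$home" ;;
            esac
        done
    done < "$passwd_file"
}

# Constructed sample entries (not taken from a real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
amavis:x:104:104:amavisd-new:/var/run/amavis:/bin/false
postfix:x:207:207:postfix:/var/spool/postfix:/bin/false
runner:x:1001:1001::/var/running/home:/bin/sh
EOF
}

# Demo run over the constructed sample.
demo_file=$(mktemp)
sample_passwd > "$demo_file"
volatile_homes "$demo_file"
rm -f "$demo_file"
```

On a live system the same function can be pointed at /etc/passwd, for example `volatile_homes /etc/passwd`.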
Created attachment 33283: amavisd-new-20030616_p9.ebuild.diff (home directory: /var/spool/amavis)
Created attachment 33284: files/amavisd.rc6.diff (home directory: /var/spool/amavis)
Created attachment 33285: amavisd-new-20030616_p9.ebuild.diff (home directory: /var/amavis)
Created attachment 33286: files/amavisd.rc6.diff (home directory: /var/amavis)
Ahh a comment at last ;-) I'm using amavisd-new only in a production-environment, I can't test your diffs :-( Would be great to get this done, I have moved all relevant dirs by hand now, but an upgrade will surely make problems...
If we're going to restructure where we put things, it might be a good idea to see how OpenBSD packages it, since they tend to be the experts at priv sep and chroots.
The OpenBSD ports installation doesn't look too involved. They do not attempt to set up a chroot environment. The only thing I got from their setup is that they use /var/amavisd. This pushes me towards using /var/amavis (the amavisd-new default) as the homedir. Also, there is a new major release of amavisd-new now (Bug 56233), and I think this would be a great opportunity to change the layout. The configuration and features have changed a lot, so having the layout change wouldn't be as big of a deal. Thoughts?
I'm the original reporter of this bug, I think this should really be done with the major release. Nevertheless I'd like to see Cory's Patch for the old version in portage, it works really fine here! I need this because I'm using Maia Mailguard which uses amavisd-new for its purposes, and the author of maia doesn't want to support amavisd-new2 until it's really stable...
Layout has now been shifted and re-organized in amavisd-new-20040701. I highly recommend upgrading (hopefully maia will support it soon). I'm going to shy away from backporting this since I spent so much time on the new release. Let me know what you think -- Bug 56233 for more details.
I can't test this unless Maia Mailguard is upgraded to support 20040701, but will do then immediately!
Sorry, Stephan, I would really like to not maintain two versions. I will not mark this new version stable until Maia supports it. How's that?
That's fine for me! Maia's author wanted to release a version supporting 20040701 after a month or something like that, I think this will be within the next 2 weeks. When this is done I'll try to write an ebuild for Maia, would be great to have it in portage!