# spamd can't add/remove /var/run/spamd.pid, permission denied

## scoy

Like the subject said, spamd cannot create it own pid file under /var/run.

Looks like it wants to create it under /var/run from looking at /etc/init.d/spamd

```
...

exefile=/usr/sbin/spamd

pidfile=/var/run/spamd.pid

...
```

But I get this in my mail logs whenever I try to stop/start the smapd daemon

```
# /etc/init.d/spamd stop

# tail /var/log/mail/current

spamd[3761]: [Can't write to PID file] Permission denied_

# /etc/init.d/spamd start

# tail /var/log/mail/current

spamd[12829]: [logmsg] server killed by SIGTERM, shutting down_

spamd[12829]: [Can't unlink /var/run/spamd.pid] No such file or directory_
```

And then to make sure 

```
# su spamd

# whoami

spamd

# touch /var/run/spamd.pid

touch: cannot touch `/var/run/spamd.pid': Permission denied
```

So I thought that only root can write to /var/run

```
# ls -l /

drwxr-xr-x   17 root root      456 Mar 29 10:17 var

# ls -l /var

drwxr-xr-x   8 root     root     824 Apr 27 09:22 run

#ls -l /var/run

total 60

-rw-r--r--  1 root   root     6 Apr 27 09:22 apache2.pid

-rw-r--r--  1 root   root     6 Apr  5 00:37 authdaemon.pid

-rw-------  1 root   root     0 Apr  4 23:48 authdaemon.pid.lock

srwx------  1 apache root     0 Apr 27 09:22 cgisock

drwxr-xr-x  2 root   root    48 Apr  1 05:23 console

-rw-r--r--  1 root   root     5 Apr  1 05:24 cron.pid

drwxr-xr-x  2 root   root    72 Apr  7 07:31 dcc

-rw-r--r--  1 root   root     6 Apr  5 00:43 imapd-ssl.pid

-rw-------  1 root   root     0 Apr  4 23:49 imapd-ssl.pid.lock

-rw-r--r--  1 root   root     6 Apr  5 00:37 imapd.pid

-rw-------  1 root   root     0 Apr  4 23:49 imapd.pid.lock

-rw-r--r--  1 root   root     5 Apr  1 05:23 metalog.pid

drwxr-xr-x  2 mysql  mysql  112 Apr  7 08:26 mysqld

drwxr-xr-x  2 named  named   48 Mar 22 11:36 named

-rw-r--r--  1 root   root     6 Apr  5 00:43 pop3d-ssl.pid

-rw-------  1 root   root     0 Apr  4 23:48 pop3d-ssl.pid.lock

-rw-r--r--  1 root   root     6 Apr  5 00:37 pop3d.pid

-rw-------  1 root   root     0 Apr  4 23:49 pop3d.pid.lock

drwxr-xr-x  2 root   root   152 Apr  1 05:24 proftpd

-rw-r--r--  1 root   root     5 Apr  1 05:24 proftpd.pid

-rw-------  1 root   root   512 Apr  1 05:23 random-seed

-rw-r--r--  1 root   root     6 Apr  8 09:18 rsyncd.pid

-rw-r--r--  1 root   root     5 Apr  1 05:23 sshd.pid

drwx------  3 root   root    72 Apr 18 22:20 sudo

-rw-r--r--  1 root   root     6 Apr  5 00:37 svscan.pid

-rw-rw-r--  1 root   utmp  4608 May  4 08:21 utmp
```

So it seems like other users have the rights to create their pid files in /var/run.  So why can't the user 'spamd'? That is the user spamd is running under

```
# cat /etc/conf.d/spamd

SPAMD_OPTS="-x -u spamd  -H /home/spamd"
```

So this is where I'm at right now.  Why can't spamd create it's pid file under /var/run?  It may be obvious but I missed it.  Thanks in advance

----------

## Double

```
id spamd
```

what you see?

----------

## scoy

```
# id spamd

uid=1020(spamd) gid=428(spamd) groups=428(spamd)
```

----------

## Double

no only user "ROOT" or user in group "ROOT" cat write in "/var/run"

drwxr-xr-x root root

root - read write search 

in group root - read write search

other - read search

so user spamd in group spamd can not write in /var/run

----------

## scoy

That's what I figured but how can the other files in /var/run be owned by non-root users?  See my listing above.  I'm assuming the the daemons start as root then drop to a different users once the daemon starts.  If that's the case then how can I achieve this?

----------

## Double

 *scoy wrote:*   

> That's what I figured but how can the other files in /var/run be owned by non-root users?  See my listing above.  I'm assuming the the daemons start as root then drop to a different users once the daemon starts.  If that's the case then how can I achieve this?

 

other files in /var/run be owned by non-root users??? where???

i see listing but not see files be owned by non-root-users or owned by non-root-group-users

----------

## scoy

EDIT: now that I re-read your post I think you mean the only things non-root/non-root are directories.  The 'cgisock' is apache/root and utmp is root/utmp.  So I see what you mean.  The question is how do I fix?  

 *scoy wrote:*   

> 
> 
> So I thought that only root can write to /var/run
> 
> ```
> ...

 Last edited by scoy on Wed May 04, 2005 2:18 pm; edited 1 time in total

----------

## Double

 *scoy wrote:*   

>  *scoy wrote:*   
> 
> So I thought that only root can write to /var/run
> 
> ```
> ...

 

so where you see files owned by non-root-users or owned by non-root-group-users PLEASE POST FILES NAME

----------

## scoy

I mis-read your post the first time, sorry.  I tried to edit my post before your next one.

 *Quote:*   

> EDIT: now that I re-read your post I think you mean the only things non-root/non-root are directories. The 'cgisock' is apache/root and utmp is root/utmp. So I see what you mean. The question is how do I fix? 

 

----------

## Double

 *scoy wrote:*   

> I mis-read your post the first time, sorry.  I tried to edit my post before your next one.
> 
>  *Quote:*   EDIT: now that I re-read your post I think you mean the only things non-root/non-root are directories. The 'cgisock' is apache/root and utmp is root/utmp. So I see what you mean. The question is how do I fix?  

 

so maybe run as root user but this less security, maybe put spamd.pid file another place see config file

post spamd.conf

----------

## scoy

i don't want to run it as root so i just changed my /etc/conf.d/spamd ...

```
SPAMD_OPTS="-d m 5 -r /home/spamd/spamd.pid -u spamd -H /home/spamd -x"
```

Thanks for your help.

----------

## scoy

woops.

that wouldn't work because the pid file defined in /etc/init.d/spamd overtakes the '-r /home/spamd/spamd.pid' in /etc/conf.d/spamd.  I had to modify /etc/init.d/spamd in order for start/stop to work while running under user 'spamd'

```
# vim /etc/init.d/spamd

...

exefile=/usr/sbin/spamd

#pidfile=/var/run/spamd.pid

pidfile=/home/spamd/spamd.pid

...

# /etc/init.d/spamd restart

 * Re-caching dependency info (mtimes differ)...

 * Stopping spamd...                                                                                              [ ok ]

 * Starting spamd...                                                                                              [ ok ]

```

Finally.  Thanks.

----------

## eagle_cz

i noted the same...  did i miss something when i thing, that Spamassassin should not be run as a root ?

----------

## Double

 *eagle_cz wrote:*   

> i noted the same...  did i miss something when i thing, that Spamassassin should not be run as a root ?

 

you can run Spamassassin and as root and as user

----------

## eagle_cz

 *Double wrote:*   

>  *eagle_cz wrote:*   i noted the same...  did i miss something when i thing, that Spamassassin should not be run as a root ? 
> 
> you can run Spamassassin and as root and as user

 

Ahhh... ofcourse i can run SPAMD as user, whitch can not write to /var/run

Ofcourse i can change /var/run to /var/run/spamd/ while PIDFILE variable is ignored by modify /etc/init.d/spamd

... or do you have any other suggestion?

----------

