Why sa-update not running with cron?

Mikky23 · May 17, 2024, 6:39am

SYSTEM INFORMATION
OS type and version	Debian Linux 11
Webmin version	2.111
Usermin version	2.010
Virtualmin version	7.10.0
Theme version	21.10
Package updates	All installed packages are up to date

Hy,

I got one server that as far as I know has the same config as others, where sa-update (spamassassin) does not seems to work with the cron. I see it is in /etc/cron.daily/spamassassin (user root, active yes).

But when I check the dir: /var/lib/spamassassin/3.004006/updates_spamassassin_org/ the update date is stuck. While other servers, I see the date of this folder change every day.

I expected to see an error in the cron mail if something was wrong, but there is no error email. Also when running it from command line, sa-update works fine.

Where should I look to find the possible cause of this?

Update: Strange, found the problem. Somehow the dir and it files: /var/lib/spamassassin/3.004006/ had root as owned, instead of debian-spamd. Did a chown and now it works. Crazy Maybe it helps someone running into this some day.

Update2: I checked again, but latest update was 3 days ago. Stopped working again or the fix was never the solution.

Stegan · May 17, 2024, 9:03am

You are correct to say “Strange”
As user root (doing the updates, or running cron) should have access to everything?

Mikky23 · May 17, 2024, 10:26am

That’s right must be an explanation for it, but not sure it’s worth investing more time into it.

Stegan · May 17, 2024, 1:34pm

given the number of Debian users on here I’m a little surprised this has not been flagged before.

ID10T · May 17, 2024, 2:10pm

Debian 11

root@main:/var/lib/spamassassin/3.004006/updates_spamassassin_org# ls -lath
total 1.5M
drwxr-xr-x 2 debian-spamd debian-spamd 4.0K May 17 06:55 .
drwxr-xr-x 3 debian-spamd debian-spamd 4.0K May 17 06:55 ..
-rw-r--r-- 1 debian-spamd debian-spamd  30K May 17 06:55 72_scores.cf
-rw-r--r-- 1 debian-spamd debian-spamd 4.2K May 17 06:55 73_sandbox_manual_scores.cf
-rw-r--r-- 1 debian-spamd debian-spamd 131K May 17 06:55 languages
-rw-r--r-- 1 debian-spamd debian-spamd 3.2K May 17 06:55 local.cf
-rw-r--r-- 1 debian-spamd debian-spamd 2.8K May 17 06:55 regression_tests.cf
-rw-r--r-- 1 debian-spamd debian-spamd 4.7K May 17 06:55 sa-update-pubkey.txt

Joe · May 17, 2024, 3:15pm

It hasn’t been flagged before because it is not broken by default. You’d have to go out of your way to break it.

Stegan · May 17, 2024, 3:22pm

So any change to restrict ownership seems rather pointless:

even if effective

Joe · May 17, 2024, 3:26pm

You misunderstand the problem and solution, I think. The files should have always been owned by debian-spamd, because it would be a stupidly dangerous idea to run every process, particularly ones that interact with data from the internet, like sa-update, as root.

Mikky23 · May 20, 2024, 10:02am

Ok I have to give a little update: is does not work again. Now I’m even more confused
Let’s see how to fix this.

But Joe you say:

because it would be a stupidly dangerous idea to run every process, particularly ones that interact with data from the internet, like sa-update , as root .

But the daily cron that is created on installation, for Spamassassin is assigned to the root user?

cron

Joe · May 20, 2024, 4:17pm

lol, you’re right. It runs as root, and all those files are owned by root on Rocky/Alma/RHEL systems. Wild.

Mikky23 · May 21, 2024, 1:42pm

Haha wild indeed.

Ok I found the real reason. When I look at the /etc/cron.daily/spamassassin script I see:

CRON=0

test -f /etc/default/spamassassin && . /etc/default/spamassassin

test -x /usr/bin/sa-update || exit 0
test -x /etc/init.d/spamassassin || exit 0
command -v gpg > /dev/null || exit 0

if [ "$CRON" = "0" ] ; then
    exit 0
fi

And the CRON = 1 value is the result from this line: test -f /etc/default/spamassassin && . /etc/default/spamassassin

Now I thought this was enabled by default, but looking at /etc/default/spamassassin it was off. I have no idea why, maybe I missed something during install? Anyway the content was:

OPTIONS="--create-prefs --max-children 5 --helper-home-dir"
PIDFILE="/var/run/spamd.pid"
CRON=0

And on the servers where it was running correct it is:

OPTIONS="--create-prefs --max-children 5 --helper-home-dir"
ENABLED=1
CRON=1
PIDFILE=/var/run/spamd.pid

So, that was the case .

ID10T · May 21, 2024, 8:14pm

It might be distro specific? If you enable SA I’d think this should get toggled at the same time?

That said, I’m on 11. I had to install 10, upgrade to 11, and then installed VM. That was close to a year and a half ago now. I suppose something in the scripts could have changed.

system · May 29, 2024, 8:15pm

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.