I recently discovered that spamassasin added the following line to my passwd file:
debian-spamd:x:115:122::/var/lib/spamassassin:/bin/sh. Why does spamassasin need shell access? Is it safe to disable shell access (f.e. set shell to /usr/sbin/nologin).
I am running Ubuntu 16.04 LTS + Plesk.
According to Debian bug #918506, the package’s post-install script uses su to execute a command under the debian-spam user. This is impossible if the user doesn’t have a valid shell, so changing the shell to nologin will cause re-configurations and upgrades of the spamassassin package to fail whenever gnupg is also installed (since gnupg must be installed for the affected command to execute).
