Sancho2k.net Lists said: > Marc Balmer wrote: > >> (The following example assumes we are chrooted to /var/smtp-vilter) >> >> The temporary directory must be readable by clamd. >> >> /home/marc (1) $ ls -l /var/smtp-vilter/ >> total 6 >> drwx------ 2 _vilter _vilter 512 Nov 16 15:50 etc >> drwx------ 2 _vilter _vilter 512 Dec 14 22:24 run >> drwxrwx--T 2 _vilter _clamd 512 Dec 15 07:18 tmp >> /home/marc (2) $ > > Your example shows the temporary directory as *writable* by _clamd, no? > And what is the reasoning on the last permission mode of "o=T"? When I > set the tmp directory writable by any other user/group than _vilter, I > get these errors: > > Dec 15 07:02:54 sendmail-test sm-mta[31357]: hBFE2sPq031357: Milter > (smtp-vilter): local socket name /var/smtp-vilter/tmp/smtp > -vilter.sock unsafe > Dec 15 07:02:54 sendmail-test sm-mta[31357]: hBFE2sPq031357: Milter > (smtp-vilter): to error state > Dec 15 07:02:54 sendmail-test sm-mta[31357]: hBFE2sPq031357: Milter: > initialization failed, temp failing commands > > Here are my new ownerships/permissions, and the new error message: > > drwxr-xr-x 4 _vilter _vilter 512 Dec 13 17:51 /var/smtp-vilter/ > drwxr-x--- 2 _vilter _clamd 512 Dec 15 07:03 /var/smtp-vilter/tmp/ > > Dec 15 07:03:59 sendmail-test smtp-vilter[30064]: unable to change group > ownership of temp file, Operation not permitted > Dec 15 07:03:59 sendmail-test sm-mta[20175]: hBFE3xPq020175: Milter: > from=<[EMAIL PROTECTED]>, reject=451 4.7.1 Please try a > gain later
So I started thinking about this. I, as an unprivileged user, am unable to set ownership of files to users/groups other than myself, even if I own the file. So I removed the 'tmpfiles=setgrp' option from the config file and restarted it; it looks like deliveries are now successful. No errors anymore. DS ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
