Stephen Gran said: > On Tue, May 17, 2005 at 07:03:10AM -0700, Dennis Peterson said: >> That would be a good trick if the directory it is found in is owned ro >> by >> root. I suppose it could be created by root then chowned to clam_user, >> but >> that too presumes much. To make it entirely turnkey the process should >> see >> if the user-selected log directory is readable by clam_user first, then >> it >> should see if the file already exists (or if a directory of the same >> name >> exists), and if it is writable by clam_user. If everything isn't perfect >> it could fail with a warning to the console. Now what to do about your >> log >> rotator? How should clam predict a misconfigured rotator? That seems >> like >> a lot of hand holding. > > On Tue, May 17, 2005 at 07:04:56AM -0700, Dennis Peterson said: >> I think it would be better if clamd, like syslogd, didn't create the >> file >> at all. End of problem. > > So you want either all possible checks, or no seperable logging?
Where did I say that? With syslog you touch a file and it starts logging. Simple, effective. It can be the same with clam. No local logging until you, the admin, create the file and set the needed permissions. We do it all the time. > That > does seem like a rather drastic set of solutions to a trivial to fix > bug. Moving about 10 lines of code will fix the bug under discussion, > and the rest is the job of the packager/local admin. I have to say I > have never noticed this bug up until now, because the install scripts > and logrotate scripts I use handle permissions in a way that allows it > to work (pats self on back, and wrenches arm doing so). That level of competence should be the norm - it's not rocket science. > > 5 minutes looking at the code could have avoided several hundred lines > of email, methinks. > -- I think the coders are trying too hard to support the lower level admins. That is a thankless job. As thankless as educating them. Threads like this one do get some of them thinking, though. dp _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
