----- Original Message -----
> Hi there,
> 
> On Fri, 2 Aug 2013, Bob Miller wrote:
> 
> > Were you expecting something different?
> 
> Not necessarily, but it tells me something. :)
> 
> > Or more likely, am I missing something obvious here?
> 
> You might be.  Please look at the permissions of the parent directory.
> You might then want to make changes to those permissions and once more
> repeat your tests.  Note: In a *n[iu]x system you can delete a file in
> a directory to which you can write, even if you can't write (nor even
> read) the said file.  That's because a directory is effectively just a
> file, and putting a new file in a directory or removing a file from it
> is just making a modification to the content of the file that you know
> as the directory.  Of course the OS makes its own modifications to the
> directory too (things like access times and file sizes) and the OS can
> do what it likes, but the directory's permissions are about what users
> (or more correctly processes with given user's permissions) can do to
> them.  When the parent directory permits both your users to write to
> it I think you will see results from your tests that you don't expect.
> 
> > Thank you again for your time...
> 
> I appreciate it, but we're all learning from this. :)
> 

Well, since it's /tmp, hopefully it's something reasonable like 0777 or 1777; the 
latter is more common, which means files in /tmp can only be removed by their 
owner (or root).

I don't know anything about simscan, since we run sendmail....

But, since most of the testing has clamd restarting and it announcing that it's 
removing the socket file....

>  a. srw-rw---- 1 clamav simscan    0 Aug  1 13:39 clamd.socket
>    -clam restart: Socket file removed.
>    -simscan: ERROR: Can't connect to clamd: Permission denied
>  b. srw-rw---- 1 root simscan    0 Aug  1 13:42 clamd.socket
>    -clam restart: ERROR: Can't unlink the socket file /tmp/clamd.socket
>    -simscan: ERROR: Can't connect to clamd: Permission denied

...would suggest that

FixStaleSocket (which defaults to yes)

is seeing the socket as stale when clamd starts again.

So, what does the socket look like after clam restarts?

Hmm,

> Permissions and ClamAntiVirus
> 
> To get ClamAV to play nicely with simscan's permissions you have two
> options:
> 
>  * run clamd as root
>  * Add clamav to simscan's group.
> 
> Then clamav will have access to the working directory and its files.
> 
>   1. The /var/qmail/simscan directory defaults to ownership to
>      simscan.root. So change the group to 'simscan'.
> 
>   2. Set the sticky bit on the directory so when simscan creates its
>      temporary directories and files they are group owned simscan as well.
> 
>   3. Add the clamav user to the simscan group.
> 
> On Linux-like systems:
> 
>   1. chgrp simscan /var/qmail/simscan
> 
>   2. chmod g+s /var/qmail/simscan
> 
>   3. usermod -G simscan clamav
> 
> Also make sure AllowSupplementaryGroups is set in your clamd.conf file
> so that the clamd daemon knows about the simscan group.

from: http://www.qmailwiki.org/Simscan/README

Taking a look at one of our clamav VMs, I see

srw-rw-rw-   1 clamav   clamav         0 Jul 27 03:10 /var/tmp/clamd.socket=

Guess that's because neither LocalSocketGroup nor LocalSocketMode are set in 
our config.

Of course, the only thing that should be connecting to the socket is 
clamav-milter ... we then have 4 of these VMs in a pool behind our F5 where in 
theory anybody on campus could use it, but nothing official (what most do is 
list our MX's at lower priority than their MX, but their MX is firewalled so 
that inbound mail has to come through our MX first...)

Lawrence
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
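
The directory-versus-file permission rules discussed in this thread, as an added example that is not part of the original messages: a small Python model of when a process may unlink a socket (parent directory mode, sticky bit) and when it may connect to it (write bit on the socket, as on Linux). The uid/gid numbers and all names in the code are constructed for illustration; the owners and modes mirror the listings quoted above.

```python
import stat
from collections import namedtuple

Node = namedtuple("Node", "uid gid mode")   # the os.stat() fields the checks use
Cred = namedtuple("Cred", "uid gids")       # identity of the process making the call

def allowed(node, cred, want):
    """POSIX mode check; want is an rwx mask (4=r, 2=w, 1=x)."""
    if cred.uid == 0:
        return True                          # root is not limited by mode bits
    if cred.uid == node.uid:
        bits = node.mode >> 6                # owner class, and only that class
    elif node.gid in cred.gids:
        bits = node.mode >> 3                # group class
    else:
        bits = node.mode                     # other class
    return (bits & want) == want

def can_unlink(parent, entry, cred):
    """Unlinking edits the directory, so the entry's own mode bits are never consulted."""
    if not allowed(parent, cred, 2 | 1):     # write + search on the directory
        return False
    if parent.mode & stat.S_ISVTX:           # sticky bit (the leading 1 in 1777)
        return cred.uid in (0, entry.uid, parent.uid)
    return True

def can_connect(sock, cred):
    """On Linux, connect() to a pathname socket needs write permission on it."""
    return allowed(sock, cred, 2)

# Constructed ids; owners and modes mirror the listings quoted in the thread.
CLAMAV_UID, CLAMAV_GID, SIMSCAN_GID, OTHER_UID = 101, 101, 102, 1000
TMP_STICKY = Node(0, 0, 0o1777)
TMP_OPEN = Node(0, 0, 0o0777)
SOCK_A = Node(CLAMAV_UID, SIMSCAN_GID, 0o660)    # case a: clamav:simscan srw-rw----
SOCK_B = Node(0, SIMSCAN_GID, 0o660)             # case b: root:simscan srw-rw----
SOCK_OPEN = Node(CLAMAV_UID, CLAMAV_GID, 0o666)  # srw-rw-rw- clamav:clamav
CLAMD = Cred(CLAMAV_UID, {CLAMAV_GID})
STRANGER = Cred(OTHER_UID, {OTHER_UID})

if __name__ == "__main__":
    for name, parent, sock in (("a in 1777", TMP_STICKY, SOCK_A),
                               ("b in 1777", TMP_STICKY, SOCK_B),
                               ("b in 0777", TMP_OPEN, SOCK_B)):
        print(name, "clamd may unlink:", can_unlink(parent, sock, CLAMD))
    print("stranger connects to 0660:", can_connect(SOCK_A, STRANGER))
    print("stranger connects to 0666:", can_connect(SOCK_OPEN, STRANGER))
```

The model covers mode bits only; ACLs, capabilities and mandatory access control layers are outside it.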
