Hi Bryan,

Thank you very much for contributing your thoughts to this thread.

> E.g. 007 permissions (------rwx) does *not* give 'everyone' read/write/execute
> permissions; it only gives people who are (1) not the owner/in the owner
> class, and (2) not in the owning group/in the group class.

As I read it, this shows even better how the file permissions rules are not being followed. From the Wikipedia article:

    The effective permissions are determined based on the user's class. For
    example, the user who is the owner of the file will have the permissions
    given to the owner class regardless of the permissions assigned to the
    group class or others class.

So my test #6:

    s------rw- 1 clamav simscan 0 Jul 29 10:04 clamd.socket

Since clamav is in the owner class, its effective permissions should be ---, which should deny access to the clamav user regardless of any other permission for group or other. Yet it still has access to the socket.

Conversely, my test #5:

    s------rw- 1 root root 0 Aug 1 14:40 clamd.socket

Since clamav is not a member of the owner class, and is not a member of the group class, it should then be a member of the other class, and as the other class, it should be granted rw. Yet clamav cannot access the socket.

Perhaps I am not seeing the point you are illustrating?
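
The class-selection rule quoted in the message above, applied to the two `ls -l` lines from tests #5 and #6. This is an added example, not part of the original post or of ClamAV. It assumes clamav's only group is `clamav`, that connecting to a Unix socket requires write permission on it (as documented for Linux), and it does not model the superuser override, POSIX ACLs or security modules.

```python
# Added illustration: classic Unix permission-class selection, driven by
# `ls -l` lines. Exactly one class applies: owner first, then group, then other.
# Not modelled: superuser override, POSIX ACLs, SELinux/AppArmor.

# The two listings from the message (tests #6 and #5).
TEST6 = "s------rw- 1 clamav simscan 0 Jul 29 10:04 clamd.socket"
TEST5 = "s------rw- 1 root root 0 Aug 1 14:40 clamd.socket"

# Assumption: the clamav user belongs only to a group named "clamav".
CLAMAV_GROUPS = {"clamav"}


def parse_ls_line(line):
    """Split an `ls -l` line into (mode string, owner, group, name)."""
    fields = line.split()
    mode, owner, group, name = fields[0], fields[2], fields[3], fields[-1]
    if len(mode) != 10:
        raise ValueError("unexpected mode field: %r" % mode)
    return mode, owner, group, name


def effective_permissions(line, user, user_groups):
    """Return (class, rwx triad) that applies to `user` for this file."""
    mode, owner, group, _ = parse_ls_line(line)
    triads = {"owner": mode[1:4], "group": mode[4:7], "other": mode[7:10]}
    if user == owner:
        cls = "owner"      # owner triad applies even if it grants less
    elif group in user_groups:
        cls = "group"
    else:
        cls = "other"
    return cls, triads[cls]


def may_connect(line, user, user_groups):
    """Assumption: connect() on a Unix socket needs write permission on it."""
    _, triad = effective_permissions(line, user, user_groups)
    return triad[1] == "w"


if __name__ == "__main__":
    for label, line in (("test #6", TEST6), ("test #5", TEST5)):
        cls, triad = effective_permissions(line, "clamav", CLAMAV_GROUPS)
        print(label, "class:", cls, "triad:", triad,
              "connect expected:", may_connect(line, "clamav", CLAMAV_GROUPS))
```
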