>
> I asked about the permissions on the directories, not on files. In
> your 'find' command there you specifically limit the search to files
> and not directories with "-type f". See 'man find' for more (but IMO
> 'find' is a bit like a cornered rat and I'm starting to think it might
> not be the best tool in the box for you to be playing with). Just use
>
> ls -l / | grep var
>
> to see the permissions on /var and

> ls -l / | grep var
lrwxrwxrwx 1 root root 19 Aug 31 2020 snap -> /var/lib/snapd/snap
drwxr-xr-x. 23 root root 4096 Jan 11 14:49 var

> ls -l /var | grep lib
>
> to see the permissions on /var/lib.

> ls -l /var | grep lib
drwxr-xr-x. 95 root root 4096 Mar 20 08:00 lib

>> But I'd still want to see that log.
> >
> > The log from the cronjob, freshclam or eXtremeSHOK.com ClamAV Unofficial
> > Signature Updater?
>
> The cron job which I suggested. From a root shell prompt, to edit the
> crontab give the command
>
> crontab -e
>
> which will fire up the default editor or the one you've configured.
> Just paste these two lines (I tweaked it a bit from last October's
> version) right at the bottom:
>
> FILE=/var/log/clam_perms.log
> * * * * * /bin/date >> $FILE ; /bin/ls -l /var/lib/clamav >> $FILE
>
> That will write a time/date stamp and a directory listing to the file
> every minute until further notice. Yes, there will be quite a lot of
> output, but (by the standards of the 21st century) it won't be a huge
> file, and you'll get what I'm looking for which is when (to about the
> nearest minute) the permissions were changed. If you know to within
> the same sort of precision when things are run, that should give you
> some clue to what changed the permissions.
>

I had

* * * * * /bin/echo -n "$(/bin/date) " >> /var/log/clam_perms.log && /bin/ls -l /var/lib/clamav >> /var/log/clam_perms.log

so it's been populating for a couple of hours.

> grep 981 /etc/group
> > clamav:x:981:clamscan,clamilt,clamupdate
>
> Hmmm. So group ID 981 is 'clamav'. What's the numeric ID for the
> 'clamupdate' group (and 'clamilt' for completeness)? To me it seems
> just a little excessive to have separate users (and maybe groups) for
> clamd, clamav-milter and freshclam. I think somebody (probably this
> was somebody at Red Hat) lost the plot there, but I suppose you're
> stuck with that unless you junk the ClamAV packages and build it all
> from source. IMO there's a lot to recommend that.

> grep clam /etc/passwd
clamilt:x:989:985:Clamav Milter User:/var/run/clamav-milter:/sbin/nologin
clamav:x:985:981::/var/run/clamav:/sbin/nologin
clamupdate:x:983:979:Clamav database update user:/var/lib/clamav:/sbin/nologin
clamscan:x:982:978:Clamav scanner user:/:/sbin/nologin

_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
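
An added example, not part of the original thread: a Python script that reads the per-minute log written by either cron line quoted above and reports the first timestamp at which a file's mode, owner or group differs from the previous listing. The sample log lines, file names, sizes and timestamps are constructed for illustration; in practice the input would be /var/log/clam_perms.log.

```python
import re

# One `ls -l` entry: mode, link count, owner, group, size, 3 date fields, name.
ENTRY = re.compile(r"^([-dlbcps][-rwxsStT]{9}[.+@]?)\s+\d+\s+(\S+)\s+(\S+)\s+\d+"
                   r"\s+\S+\s+\S+\s+\S+\s+(.+)$")
# "total N", optionally preceded by the date (the `echo -n "$(date) "` variant).
TOTAL = re.compile(r"^(.*?)\s*total \d+$")

def find_changes(lines):
    """Return (timestamp, name, before, after) for each mode/owner/group change."""
    last, changes, stamp = {}, [], None
    for raw in lines:
        line = raw.rstrip("\n")
        m = ENTRY.match(line)
        if m:
            mode, owner, group, name = m.groups()
            state = (mode, owner, group)
            if name in last and last[name] != state:
                changes.append((stamp, name, last[name], state))
            last[name] = state
            continue
        t = TOTAL.match(line)
        if t:
            if t.group(1):          # date and "total" share one line
                stamp = t.group(1)
        elif line.strip():          # date on its own line (the /bin/date variant)
            stamp = line.strip()
    return changes

# Constructed sample: two snapshots in the one-line-date format, one in the other.
SAMPLE = """\
Sat Mar 20 07:59:01 GMT 2021 total 221184
-rw-r--r--. 1 clamupdate clamupdate 293670 Mar 19 08:00 bytecode.cvd
-rw-r--r--. 1 clamupdate clamupdate 56261254 Mar 19 08:00 daily.cvd
Sat Mar 20 08:00:01 GMT 2021 total 221184
-rw-r--r--. 1 clamupdate clamupdate 293670 Mar 19 08:00 bytecode.cvd
-rw-------. 1 root root 56261254 Mar 20 08:00 daily.cvd
Sat Mar 20 08:01:01 GMT 2021
total 221184
-rw-r--r--. 1 clamupdate clamupdate 293670 Mar 19 08:00 bytecode.cvd
-rw-------. 1 root root 56261254 Mar 20 08:00 daily.cvd
"""

if __name__ == "__main__":
    for stamp, name, before, after in find_changes(SAMPLE.splitlines()):
        print(f"{stamp}: {name} {' '.join(before)} -> {' '.join(after)}")
```

Only mode, owner and group are compared, so routine size and modification-time changes from database updates are not reported. The listing from `ls -l /var/lib/clamav` does not include the directory itself, so a change to the directory's own permissions would not appear in this log.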