[Pkg-clamav-devel] Bug#822444: Found the problem
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Sat Apr 30 22:00:45 UTC 2016
On 2016-04-26 22:39:16 [+0200], Xavier Quost wrote:
> Hello Sebastian,
Hello Xavier,
> /lib/systemd/system/clamav-daemon.service
…
> [Service]
…
> User=clamav
> Group=clamav
> I'm not familiar with systemd, however I'm surprised that when /etc/init.d/clamav-daemon is somethink like 400 lines, systemd is something like 10 lines.
> But still I'm not familiar with systemd.
A lot of the stuff in clamav-daemon is legacy stuff and solved in
systemd differently. To give an example:
- we pass `-c /etc/clamav/clamd.conf' in the non-systemd case. But this
is the default settings so we could drop it. Therefore it makes no
difference if you pass this in systemd case or not (nothing changes).
- In the systemv case we start the daemon via start-stop-daemon and pass
the user from the config as an argument. We could however start clamd
as root and let the daemon itself change the user to whatever is
selected in clamd.conf. This is what happens in the systemd case.
> Please would you tell me if those modifications make sense, or if those shall be made elsewhere in the system.
I installed clamsmtp and been looking a little around and I think I
found the problem: You clamd.conf says
AllowSupplementaryGroups disabled
but clamsmtp adds the group clamsmtp to the clamav user:
# id clamav
uid=108(clamav) gid=113(clamav) groups=113(clamav),114(clamsmtp)
With this option set to disabled / false clamav has only access to the
clamav user+group. I think if you revert your changes and instead set
true here (to AllowSupplementaryGroups) then it should work again. I
*think* systemd + start-stop-daemon do this by default and that is why
we did not notice this before.
Could you please check if this change works for you?
> Best regards
>
> XQ
Sebastian
More information about the Pkg-clamav-devel
mailing list