[Pkg-clamav-devel] Bug#822444: Solved
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Sun May 1 12:59:53 UTC 2016
On 2016-05-01 08:08:14 [+0200], Xavier Quost wrote:
> Hello Sebastian
Hello Xavier,
> > true here (to AllowSupplementaryGroups) then it should work again. I
> > Could you please check if this change works for you?
>
> Yes it solves the problem.
Okay. Thanks for confirming.
> remarks :
> (1) I have made no editing of clamd.conf file (but still not an excuse for not checking this file). It's a file resulting (not provided by) from installation of clamav-daemon package.
> (2) It seems that starting clamd by sysinit does not enforce right permissions (<joke> shall I open a bug report for that ? </joke>).
can you describe the problem a little?
> (3) are not AllowSupplementaryGroups and LocalSocketMode somehow contradictory ?
No I don't think so. AllowSupplementaryGroups is basically what enables
the user of all groups which are part of the clamav user. The second is
just the socket mode.
The problem here, as far as I understand it, is that clamsmtp keeps the
folder + files owned by the clamsmtp group and without the option clamd
is not part of the group and can't access them.
Now going forward on fixing this. On one hand the problem is not setting
AllowSupplementaryGroups to yes. Since clamsmtp adds the clamsmtp group
to the clamav group it would be their job let the user know to do so.
On the other we have different behaviour between systemd and systemv
which is not good.
Anyone an idea what we should do here? I am kind of leaning towards
removing the AllowSupplementaryGroups option and makeing it on by default
since I see currently no reason why one would not want that.
> Best regards
> XQ
Sebastian
More information about the Pkg-clamav-devel
mailing list