On Tue, 2005-06-28 at 14:30 -0400, Ronny Nussbaum wrote:
> Hello.
> I can't find anywhere a good explanation for this setting.
> 
> "man 5 clamd.conf" gives:
> "Initialize supplementary group access (clamd must be started by root)."
> 
> Great... What does that mean?

By default, only the same uid/gid as the clam user can query the clamd
socket. So, the directions on some websites say that amavis-new should
be run by the same user as clamd.  That becomes a problem if you have
lots of virus scanners that all enforce this strict 1:1 relationship.
With supplementary groups, anyone who shares a gid with the clam user
can query the socket.

For example, I might create:

addgroup virusthingy
adduser -g clamd -G virusthingy clamd
adduser -g amavis -G virusthingy amavis

Since both clamd and amavis are members of the supplementary group
"virusthingy" the amavis user would be allowed to query the clamd socket
if allowsupplementarygroups were set.

I normally just do:

adduser -g clamd clamd
adduser -g amavis -G clamd amavis

and I think the other permutation works too:

adduser -g clamd -G amavis clamd
adduser -g amavis amavis


-- 
Daniel J McDonald, CCIE # 2495, CNX
Austin Energy

[EMAIL PROTECTED]
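
Added example (not part of the original message and not ClamAV code): a small model of the standard Unix permission check, showing which group set a process holds with and without supplementary groups initialized, for the three account layouts in the message. The layout names, resource owners, and modes (socket 0660, work directory 0750) are constructed assumptions.

```python
# Constructed account layouts mirroring the three adduser variants above:
# user -> (primary group, supplementary groups)
LAYOUTS = {
    "shared": {"clamd": ("clamd", {"virusthingy"}),
               "amavis": ("amavis", {"virusthingy"})},
    "amavis_in_clamd": {"clamd": ("clamd", set()),
                        "amavis": ("amavis", {"clamd"})},
    "clamd_in_amavis": {"clamd": ("clamd", {"amavis"}),
                        "amavis": ("amavis", set())},
}

def process_groups(layout, user, init_supplementary):
    """Group set of a daemon that was started by root and dropped to `user`.
    Without supplementary-group initialization only the primary gid is kept."""
    primary, extra = LAYOUTS[layout][user]
    return {primary} | (extra if init_supplementary else set())

def may_access(user, groups, owner, group, mode, want):
    """Unix check: the owner class wins, then the group class, then other.
    `want` is a mask of 4 (read), 2 (write), 1 (execute/search)."""
    if user == owner:
        bits = (mode >> 6) & 7
    elif group in groups:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return bits & want == want

def clamd_can_read_workdir(layout, init_supplementary, dir_group):
    # Assumed resource: scanner work directory, owner amavis, mode 0750.
    # Listing and entering a directory needs read + search (4 | 1).
    groups = process_groups(layout, "clamd", init_supplementary)
    return may_access("clamd", groups, "amavis", dir_group, 0o750, 5)

def amavis_can_use_socket(layout, init_supplementary, sock_group):
    # Assumed resource: clamd socket file, owner clamd, mode 0660.
    # connect() on a Unix socket file needs write permission (2).
    groups = process_groups(layout, "amavis", init_supplementary)
    return may_access("amavis", groups, "clamd", sock_group, 0o660, 2)

if __name__ == "__main__":
    for name in LAYOUTS:
        for init in (False, True):
            print(name, "supplementary groups:", init,
                  "| clamd reads amavis dir:",
                  clamd_can_read_workdir(name, init, "amavis"),
                  "| amavis uses clamd socket:",
                  amavis_can_use_socket(name, init, "clamd"))
```

The group passed as dir_group or sock_group is the group owner of the resource; pass "virusthingy" to model a resource that has been handed to the shared group.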

_______________________________________________
http://lurker.clamav.net/list/clamav-users.html