Re: [CentOS] permission problems with avamis and Centos 6.3
On 01/28/2013 02:46 PM, Daniel J Walsh wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 01/28/2013 02:39 PM, Robert Moskowitz wrote:
>> On 01/28/2013 01:15 PM, Daniel J Walsh wrote:
>>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
>>>
>>> On 01/28/2013 11:29 AM, Robert Moskowitz wrote:
On 01/24/2013 02:48 PM, Daniel J Walsh wrote:
> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
>
> On 01/24/2013 01:15 PM, Robert Moskowitz wrote:
>> Thank you for your suggestion, but it did not fix the permissions
>> problem.
>>
>> On 01/24/2013 10:13 AM, Rob wrote:
>>> usermod -a -G amavis clam
>> How is this different from:
>>
>> gpasswd -a clam amavis
>>
>> And I am still getting the permissions error.
>>
>>> service clamd restart
>>>
>>> be happy
>>>
>>> On 24.01.2013, at 04:16, Robert Moskowitz
>>> wrote:
>>>
I am trying to follow:
http://wiki.centos.org/HowTos/Amavisd
Which seems to really be written for Centos 5, with just some
selinux references for Centos 6. There are real problems here
for Centos 6 with the userids section.
It gives the following command and result:
cat /etc/passwd | grep "amavis\|clamav" clamav:x:101:102:Clam
Anti Virus Checker:/var/clamav:/sbin/nologin
amavis:x:102:103:Amavis email scan user:/var/amavis:/bin/sh
But my Centos 6.3 has:
clam:x:494:490:Clam Anti Virus
Checker:/var/lib/clamav:/sbin/nologin
amavis:x:493:489::/var/spool/amavisd:/sbin/nologin
Note the difference in userid clam instead of clamav. So this
causes problems with the group recommendation:
In addition, the clamav user should automatically have been
added to the amavis group:
# groups clamav clamav : clamav amavis
If not, you can manually add clamav to the amavis group:
gpasswd -a clamav amavis
so I did:
gpasswd -a clam amavis
So far, it seems just changing what userid is now used by
clamav...
But in testing for spam I see the following in
/var/log/maillog
Jan 23 15:56:17 test1 amavis[25669]: (25669-01) (!)run_av
(ClamAV-clamd) FAILED - unexpected ,
output="/var/spool/amavisd/tmp/amavis-20130123T155617-25669/parts:
> lstat() failed: Permission denied. ERROR\n"
I checked this directory tree and all along the tree the
permissions are to amavis:amavis
So where is my permission problem?
___ CentOS mailing
list CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
>>> ___ CentOS mailing
>>> list CentOS@centos.org
>>> http://lists.centos.org/mailman/listinfo/centos
>>>
>> ___ CentOS mailing
>> list CentOS@centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>>
> Can you attach the AVC messages from audit log.
>
> ausearch -m avc -ts recent
Back home and booted up test system (thus no questions about clamav
state):
time->Mon Jan 28 11:18:26 2013 type=SYSCALL
msg=audit(1359389906.446:25): arch=4003 syscall=5 success=yes
exit=3 a0=92de9d8 a1=98800 a2=92de9d8 a3=92ba620 items=0 ppid=2211
pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493
egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan"
exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0
key=(null) type=AVC msg=audit(1359389906.446:25): avc: denied { read
} for pid=3045 comm="clamscan" name="parts" dev=dm-0 ino=2624185
scontext=system_u:system_r:clamscan_t:s0
tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir time->Mon
Jan 28 11:18:26 2013 type=SYSCALL msg=audit(1359389906.490:26):
arch=4003 syscall=39 success=yes exit=0 a0=92e64f8 a1=1c0 a2=a36cd8
a3=92e64f8 items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489
euid=493 suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none)
ses=4294967295 comm="clamscan" exe="/usr/bin/clamscan"
subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC
msg=audit(1359389906.490:26): avc: denied { create } for pid=3045
comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9"
scontext=system_u:system_r:clamscan_t:s0
tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir type=AVC
msg=audit(1359389906.490:26): avc: denied { add_name } for pid=3045
comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9"
scontext=system_u:sys
Re: [CentOS] permission problems with avamis and Centos 6.3
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/28/2013 02:39 PM, Robert Moskowitz wrote:
>
> On 01/28/2013 01:15 PM, Daniel J Walsh wrote:
>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
>>
>> On 01/28/2013 11:29 AM, Robert Moskowitz wrote:
>>> On 01/24/2013 02:48 PM, Daniel J Walsh wrote:
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1
On 01/24/2013 01:15 PM, Robert Moskowitz wrote:
> Thank you for your suggestion, but it did not fix the permissions
> problem.
>
> On 01/24/2013 10:13 AM, Rob wrote:
>> usermod -a -G amavis clam
> How is this different from:
>
> gpasswd -a clam amavis
>
> And I am still getting the permissions error.
>
>> service clamd restart
>>
>> be happy
>>
>> On 24.01.2013, at 04:16, Robert Moskowitz
>> wrote:
>>
>>> I am trying to follow:
>>>
>>> http://wiki.centos.org/HowTos/Amavisd
>>>
>>> Which seems to really be written for Centos 5, with just some
>>> selinux references for Centos 6. There are real problems here
>>> for Centos 6 with the userids section.
>>>
>>> It gives the following command and result:
>>>
>>> cat /etc/passwd | grep "amavis\|clamav" clamav:x:101:102:Clam
>>> Anti Virus Checker:/var/clamav:/sbin/nologin
>>> amavis:x:102:103:Amavis email scan user:/var/amavis:/bin/sh
>>>
>>> But my Centos 6.3 has:
>>>
>>> clam:x:494:490:Clam Anti Virus
>>> Checker:/var/lib/clamav:/sbin/nologin
>>> amavis:x:493:489::/var/spool/amavisd:/sbin/nologin
>>>
>>> Note the difference in userid clam instead of clamav. So this
>>> causes problems with the group recommendation:
>>>
>>> In addition, the clamav user should automatically have been
>>> added to the amavis group:
>>>
>>> # groups clamav clamav : clamav amavis
>>>
>>> If not, you can manually add clamav to the amavis group:
>>>
>>> gpasswd -a clamav amavis
>>>
>>>
>>> so I did:
>>>
>>> gpasswd -a clam amavis
>>>
>>>
>>> So far, it seems just changing what userid is now used by
>>> clamav...
>>>
>>> But in testing for spam I see the following in
>>> /var/log/maillog
>>>
>>> Jan 23 15:56:17 test1 amavis[25669]: (25669-01) (!)run_av
>>> (ClamAV-clamd) FAILED - unexpected ,
>>> output="/var/spool/amavisd/tmp/amavis-20130123T155617-25669/parts:
>>>
>>>
lstat() failed: Permission denied. ERROR\n"
>>>
>>> I checked this directory tree and all along the tree the
>>> permissions are to amavis:amavis
>>>
>>> So where is my permission problem?
>>>
>>>
>>> ___ CentOS mailing
>>> list CentOS@centos.org
>>> http://lists.centos.org/mailman/listinfo/centos
>> ___ CentOS mailing
>> list CentOS@centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>>
> ___ CentOS mailing
> list CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
Can you attach the AVC messages from audit log.
ausearch -m avc -ts recent
>>> Back home and booted up test system (thus no questions about clamav
>>> state):
>>>
>>> time->Mon Jan 28 11:18:26 2013 type=SYSCALL
>>> msg=audit(1359389906.446:25): arch=4003 syscall=5 success=yes
>>> exit=3 a0=92de9d8 a1=98800 a2=92de9d8 a3=92ba620 items=0 ppid=2211
>>> pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493
>>> egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan"
>>> exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0
>>> key=(null) type=AVC msg=audit(1359389906.446:25): avc: denied { read
>>> } for pid=3045 comm="clamscan" name="parts" dev=dm-0 ino=2624185
>>> scontext=system_u:system_r:clamscan_t:s0
>>> tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir time->Mon
>>> Jan 28 11:18:26 2013 type=SYSCALL msg=audit(1359389906.490:26):
>>> arch=4003 syscall=39 success=yes exit=0 a0=92e64f8 a1=1c0 a2=a36cd8
>>> a3=92e64f8 items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489
>>> euid=493 suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none)
>>> ses=4294967295 comm="clamscan" exe="/usr/bin/clamscan"
>>> subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC
>>> msg=audit(1359389906.490:26): avc: denied { create } for pid=3045
>>> comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9"
>>> scontext=system_u:system_r:clamscan_t:s0
>>> tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir type=AVC
>>> msg=audit(1359389906.490:26): avc: denied { add_name } for pid=3045
>>> comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9"
>>> scontext=system_u:system_r:clamscan_t:s0
>>> tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir type=AVC
>>> msg=audit(
Re: [CentOS] permission problems with avamis and Centos 6.3
On 01/28/2013 01:15 PM, Daniel J Walsh wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 01/28/2013 11:29 AM, Robert Moskowitz wrote:
>> On 01/24/2013 02:48 PM, Daniel J Walsh wrote:
>>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
>>>
>>> On 01/24/2013 01:15 PM, Robert Moskowitz wrote:
Thank you for your suggestion, but it did not fix the permissions
problem.
On 01/24/2013 10:13 AM, Rob wrote:
> usermod -a -G amavis clam
How is this different from:
gpasswd -a clam amavis
And I am still getting the permissions error.
> service clamd restart
>
> be happy
>
> On 24.01.2013, at 04:16, Robert Moskowitz
> wrote:
>
>> I am trying to follow:
>>
>> http://wiki.centos.org/HowTos/Amavisd
>>
>> Which seems to really be written for Centos 5, with just some
>> selinux references for Centos 6. There are real problems here for
>> Centos 6 with the userids section.
>>
>> It gives the following command and result:
>>
>> cat /etc/passwd | grep "amavis\|clamav" clamav:x:101:102:Clam Anti
>> Virus Checker:/var/clamav:/sbin/nologin amavis:x:102:103:Amavis
>> email scan user:/var/amavis:/bin/sh
>>
>> But my Centos 6.3 has:
>>
>> clam:x:494:490:Clam Anti Virus
>> Checker:/var/lib/clamav:/sbin/nologin
>> amavis:x:493:489::/var/spool/amavisd:/sbin/nologin
>>
>> Note the difference in userid clam instead of clamav. So this
>> causes problems with the group recommendation:
>>
>> In addition, the clamav user should automatically have been added
>> to the amavis group:
>>
>> # groups clamav clamav : clamav amavis
>>
>> If not, you can manually add clamav to the amavis group:
>>
>> gpasswd -a clamav amavis
>>
>>
>> so I did:
>>
>> gpasswd -a clam amavis
>>
>>
>> So far, it seems just changing what userid is now used by
>> clamav...
>>
>> But in testing for spam I see the following in /var/log/maillog
>>
>> Jan 23 15:56:17 test1 amavis[25669]: (25669-01) (!)run_av
>> (ClamAV-clamd) FAILED - unexpected ,
>> output="/var/spool/amavisd/tmp/amavis-20130123T155617-25669/parts:
>> lstat() failed: Permission denied. ERROR\n"
>>
>> I checked this directory tree and all along the tree the
>> permissions are to amavis:amavis
>>
>> So where is my permission problem?
>>
>>
>> ___ CentOS mailing
>> list CentOS@centos.org
>> http://lists.centos.org/mailman/listinfo/centos
> ___ CentOS mailing list
> CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
>
___ CentOS mailing list
CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
>>> Can you attach the AVC messages from audit log.
>>>
>>> ausearch -m avc -ts recent
>> Back home and booted up test system (thus no questions about clamav
>> state):
>>
>> time->Mon Jan 28 11:18:26 2013 type=SYSCALL
>> msg=audit(1359389906.446:25): arch=4003 syscall=5 success=yes exit=3
>> a0=92de9d8 a1=98800 a2=92de9d8 a3=92ba620 items=0 ppid=2211 pid=3045
>> auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493 egid=489
>> sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan"
>> exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0 key=(null)
>> type=AVC msg=audit(1359389906.446:25): avc: denied { read } for pid=3045
>> comm="clamscan" name="parts" dev=dm-0 ino=2624185
>> scontext=system_u:system_r:clamscan_t:s0
>> tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir time->Mon Jan
>> 28 11:18:26 2013 type=SYSCALL msg=audit(1359389906.490:26): arch=4003
>> syscall=39 success=yes exit=0 a0=92e64f8 a1=1c0 a2=a36cd8 a3=92e64f8
>> items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493
>> suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295
>> comm="clamscan" exe="/usr/bin/clamscan"
>> subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC
>> msg=audit(1359389906.490:26): avc: denied { create } for pid=3045
>> comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9"
>> scontext=system_u:system_r:clamscan_t:s0
>> tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir type=AVC
>> msg=audit(1359389906.490:26): avc: denied { add_name } for pid=3045
>> comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9"
>> scontext=system_u:system_r:clamscan_t:s0
>> tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir type=AVC
>> msg=audit(1359389906.490:26): avc: denied { write } for pid=3045
>> comm="clamscan" name="tmp" dev=dm-0 ino=2624119
>> scontext=system_u:system_r:clamscan_t:s0
>> tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir time->Mon Jan
>> 28 11:18:26 2013 type=SYSCALL msg=audit(1359389906.528:27): arch=4003
>
Re: [CentOS] permission problems with avamis and Centos 6.3
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/28/2013 11:29 AM, Robert Moskowitz wrote:
>
> On 01/24/2013 02:48 PM, Daniel J Walsh wrote:
>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
>>
>> On 01/24/2013 01:15 PM, Robert Moskowitz wrote:
>>> Thank you for your suggestion, but it did not fix the permissions
>>> problem.
>>>
>>> On 01/24/2013 10:13 AM, Rob wrote:
usermod -a -G amavis clam
>>> How is this different from:
>>>
>>> gpasswd -a clam amavis
>>>
>>> And I am still getting the permissions error.
>>>
service clamd restart
be happy
On 24.01.2013, at 04:16, Robert Moskowitz
wrote:
> I am trying to follow:
>
> http://wiki.centos.org/HowTos/Amavisd
>
> Which seems to really be written for Centos 5, with just some
> selinux references for Centos 6. There are real problems here for
> Centos 6 with the userids section.
>
> It gives the following command and result:
>
> cat /etc/passwd | grep "amavis\|clamav" clamav:x:101:102:Clam Anti
> Virus Checker:/var/clamav:/sbin/nologin amavis:x:102:103:Amavis
> email scan user:/var/amavis:/bin/sh
>
> But my Centos 6.3 has:
>
> clam:x:494:490:Clam Anti Virus
> Checker:/var/lib/clamav:/sbin/nologin
> amavis:x:493:489::/var/spool/amavisd:/sbin/nologin
>
> Note the difference in userid clam instead of clamav. So this
> causes problems with the group recommendation:
>
> In addition, the clamav user should automatically have been added
> to the amavis group:
>
> # groups clamav clamav : clamav amavis
>
> If not, you can manually add clamav to the amavis group:
>
> gpasswd -a clamav amavis
>
>
> so I did:
>
> gpasswd -a clam amavis
>
>
> So far, it seems just changing what userid is now used by
> clamav...
>
> But in testing for spam I see the following in /var/log/maillog
>
> Jan 23 15:56:17 test1 amavis[25669]: (25669-01) (!)run_av
> (ClamAV-clamd) FAILED - unexpected ,
> output="/var/spool/amavisd/tmp/amavis-20130123T155617-25669/parts:
> lstat() failed: Permission denied. ERROR\n"
>
> I checked this directory tree and all along the tree the
> permissions are to amavis:amavis
>
> So where is my permission problem?
>
>
> ___ CentOS mailing
> list CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
___ CentOS mailing list
CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
>>> ___ CentOS mailing list
>>> CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
>>>
>> Can you attach the AVC messages from audit log.
>>
>> ausearch -m avc -ts recent
>
> Back home and booted up test system (thus no questions about clamav
> state):
>
> time->Mon Jan 28 11:18:26 2013 type=SYSCALL
> msg=audit(1359389906.446:25): arch=4003 syscall=5 success=yes exit=3
> a0=92de9d8 a1=98800 a2=92de9d8 a3=92ba620 items=0 ppid=2211 pid=3045
> auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493 egid=489
> sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan"
> exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0 key=(null)
> type=AVC msg=audit(1359389906.446:25): avc: denied { read } for pid=3045
> comm="clamscan" name="parts" dev=dm-0 ino=2624185
> scontext=system_u:system_r:clamscan_t:s0
> tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir time->Mon Jan
> 28 11:18:26 2013 type=SYSCALL msg=audit(1359389906.490:26): arch=4003
> syscall=39 success=yes exit=0 a0=92e64f8 a1=1c0 a2=a36cd8 a3=92e64f8
> items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493
> suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295
> comm="clamscan" exe="/usr/bin/clamscan"
> subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC
> msg=audit(1359389906.490:26): avc: denied { create } for pid=3045
> comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9"
> scontext=system_u:system_r:clamscan_t:s0
> tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir type=AVC
> msg=audit(1359389906.490:26): avc: denied { add_name } for pid=3045
> comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9"
> scontext=system_u:system_r:clamscan_t:s0
> tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir type=AVC
> msg=audit(1359389906.490:26): avc: denied { write } for pid=3045
> comm="clamscan" name="tmp" dev=dm-0 ino=2624119
> scontext=system_u:system_r:clamscan_t:s0
> tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir time->Mon Jan
> 28 11:18:26 2013 type=SYSCALL msg=audit(1359389906.528:27): arch=4003
> syscall=5 success=yes exit=5 a0=92f1810 a1=2c2 a2=1c0 a3=bfdb5d2c items=0
> ppid=2211 pid=3045 auid=4294967295
Re: [CentOS] permission problems with avamis and Centos 6.3
On 01/24/2013 02:22 PM, Rob wrote: > > On 24.01.2013, at 19:15, Robert Moskowitz wrote: > >> Thank you for your suggestion, but it did not fix the permissions problem. >> >> On 01/24/2013 10:13 AM, Rob wrote: >>> usermod -a -G amavis clam >> How is this different from: >> >> gpasswd -a clam amavis >> >> And I am still getting the permissions error. >> >>> service clamd restart >>> >>> be happy >>> >>> On 24.01.2013, at 04:16, Robert Moskowitz wrote: >>> I am trying to follow: http://wiki.centos.org/HowTos/Amavisd Which seems to really be written for Centos 5, with just some selinux references for Centos 6. There are real problems here for Centos 6 with the userids section. It gives the following command and result: cat /etc/passwd | grep "amavis\|clamav" clamav:x:101:102:Clam Anti Virus Checker:/var/clamav:/sbin/nologin amavis:x:102:103:Amavis email scan user:/var/amavis:/bin/sh But my Centos 6.3 has: clam:x:494:490:Clam Anti Virus Checker:/var/lib/clamav:/sbin/nologin amavis:x:493:489::/var/spool/amavisd:/sbin/nologin Note the difference in userid clam instead of clamav. So this causes problems with the group recommendation: In addition, the clamav user should automatically have been added to the amavis group: # groups clamav clamav : clamav amavis If not, you can manually add clamav to the amavis group: gpasswd -a clamav amavis so I did: gpasswd -a clam amavis So far, it seems just changing what userid is now used by clamav... But in testing for spam I see the following in /var/log/maillog Jan 23 15:56:17 test1 amavis[25669]: (25669-01) (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/spool/amavisd/tmp/amavis-20130123T155617-25669/parts: lstat() failed: Permission denied. ERROR\n" I checked this directory tree and all along the tree the permissions are to amavis:amavis So where is my permission problem? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos >>> ___ >>> CentOS mailing list >>> CentOS@centos.org >>> http://lists.centos.org/mailman/listinfo/centos > What are the permission for /var/spool/amavisd. amavis:amavis > > Did you try: > service clam stop > service clam start > Instead of: > restart? (it is not the same) Does boot count? ;) Yes this was from a clean boot. And I just powered up the system again today and it repeated the permissions problem. > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] permission problems with avamis and Centos 6.3
On 01/24/2013 02:48 PM, Daniel J Walsh wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 01/24/2013 01:15 PM, Robert Moskowitz wrote:
>> Thank you for your suggestion, but it did not fix the permissions problem.
>>
>> On 01/24/2013 10:13 AM, Rob wrote:
>>> usermod -a -G amavis clam
>> How is this different from:
>>
>> gpasswd -a clam amavis
>>
>> And I am still getting the permissions error.
>>
>>> service clamd restart
>>>
>>> be happy
>>>
>>> On 24.01.2013, at 04:16, Robert Moskowitz wrote:
>>>
I am trying to follow:
http://wiki.centos.org/HowTos/Amavisd
Which seems to really be written for Centos 5, with just some selinux
references for Centos 6. There are real problems here for Centos 6
with the userids section.
It gives the following command and result:
cat /etc/passwd | grep "amavis\|clamav" clamav:x:101:102:Clam Anti
Virus Checker:/var/clamav:/sbin/nologin amavis:x:102:103:Amavis email
scan user:/var/amavis:/bin/sh
But my Centos 6.3 has:
clam:x:494:490:Clam Anti Virus Checker:/var/lib/clamav:/sbin/nologin
amavis:x:493:489::/var/spool/amavisd:/sbin/nologin
Note the difference in userid clam instead of clamav. So this causes
problems with the group recommendation:
In addition, the clamav user should automatically have been added to
the amavis group:
# groups clamav clamav : clamav amavis
If not, you can manually add clamav to the amavis group:
gpasswd -a clamav amavis
so I did:
gpasswd -a clam amavis
So far, it seems just changing what userid is now used by clamav...
But in testing for spam I see the following in /var/log/maillog
Jan 23 15:56:17 test1 amavis[25669]: (25669-01) (!)run_av
(ClamAV-clamd) FAILED - unexpected ,
output="/var/spool/amavisd/tmp/amavis-20130123T155617-25669/parts:
lstat() failed: Permission denied. ERROR\n"
I checked this directory tree and all along the tree the permissions
are to amavis:amavis
So where is my permission problem?
___ CentOS mailing list
CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
>>> ___ CentOS mailing list
>>> CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
>>>
>> ___ CentOS mailing list
>> CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
>>
> Can you attach the AVC messages from audit log.
>
> ausearch -m avc -ts recent
Back home and booted up test system (thus no questions about clamav state):
time->Mon Jan 28 11:18:26 2013
type=SYSCALL msg=audit(1359389906.446:25): arch=4003 syscall=5
success=yes exit=3 a0=92de9d8 a1=98800 a2=92de9d8 a3=92ba620 items=0
ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493
fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295
comm="clamscan" exe="/usr/bin/clamscan"
subj=system_u:system_r:clamscan_t:s0 key=(null)
type=AVC msg=audit(1359389906.446:25): avc: denied { read } for
pid=3045 comm="clamscan" name="parts" dev=dm-0 ino=2624185
scontext=system_u:system_r:clamscan_t:s0
tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir
time->Mon Jan 28 11:18:26 2013
type=SYSCALL msg=audit(1359389906.490:26): arch=4003 syscall=39
success=yes exit=0 a0=92e64f8 a1=1c0 a2=a36cd8 a3=92e64f8 items=0
ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493
fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295
comm="clamscan" exe="/usr/bin/clamscan"
subj=system_u:system_r:clamscan_t:s0 key=(null)
type=AVC msg=audit(1359389906.490:26): avc: denied { create } for
pid=3045 comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9"
scontext=system_u:system_r:clamscan_t:s0
tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir
type=AVC msg=audit(1359389906.490:26): avc: denied { add_name } for
pid=3045 comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9"
scontext=system_u:system_r:clamscan_t:s0
tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir
type=AVC msg=audit(1359389906.490:26): avc: denied { write } for
pid=3045 comm="clamscan" name="tmp" dev=dm-0 ino=2624119
scontext=system_u:system_r:clamscan_t:s0
tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir
time->Mon Jan 28 11:18:26 2013
type=SYSCALL msg=audit(1359389906.528:27): arch=4003 syscall=5
success=yes exit=5 a0=92f1810 a1=2c2 a2=1c0 a3=bfdb5d2c items=0
ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493
fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295
comm="clamscan" exe="/usr/bin/clamscan"
subj=system_u:system_r:clamscan_t:s0 key=(null)
type=AVC msg=audit(1359389906.528:27): avc: denied { write } for
pid=3045 comm="clamscan" name="clamav-308541af5e7a
Re: [CentOS] permission problems with avamis and Centos 6.3
On hold until monday. It was decided we (family) would pack up and go to Chicago for the weekend. Will work on this when I get back. Thanks for the pointer. On 01/24/2013 02:48 PM, Daniel J Walsh wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 01/24/2013 01:15 PM, Robert Moskowitz wrote: >> Thank you for your suggestion, but it did not fix the permissions problem. >> >> On 01/24/2013 10:13 AM, Rob wrote: >>> usermod -a -G amavis clam >> How is this different from: >> >> gpasswd -a clam amavis >> >> And I am still getting the permissions error. >> >>> service clamd restart >>> >>> be happy >>> >>> On 24.01.2013, at 04:16, Robert Moskowitz wrote: >>> I am trying to follow: http://wiki.centos.org/HowTos/Amavisd Which seems to really be written for Centos 5, with just some selinux references for Centos 6. There are real problems here for Centos 6 with the userids section. It gives the following command and result: cat /etc/passwd | grep "amavis\|clamav" clamav:x:101:102:Clam Anti Virus Checker:/var/clamav:/sbin/nologin amavis:x:102:103:Amavis email scan user:/var/amavis:/bin/sh But my Centos 6.3 has: clam:x:494:490:Clam Anti Virus Checker:/var/lib/clamav:/sbin/nologin amavis:x:493:489::/var/spool/amavisd:/sbin/nologin Note the difference in userid clam instead of clamav. So this causes problems with the group recommendation: In addition, the clamav user should automatically have been added to the amavis group: # groups clamav clamav : clamav amavis If not, you can manually add clamav to the amavis group: gpasswd -a clamav amavis so I did: gpasswd -a clam amavis So far, it seems just changing what userid is now used by clamav... But in testing for spam I see the following in /var/log/maillog Jan 23 15:56:17 test1 amavis[25669]: (25669-01) (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/spool/amavisd/tmp/amavis-20130123T155617-25669/parts: lstat() failed: Permission denied. ERROR\n" I checked this directory tree and all along the tree the permissions are to amavis:amavis So where is my permission problem? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos >>> ___ CentOS mailing list >>> CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos >>> >> ___ CentOS mailing list >> CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos >> > Can you attach the AVC messages from audit log. > > ausearch -m avc -ts recent > > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.13 (GNU/Linux) > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iEYEARECAAYFAlEBkB4ACgkQrlYvE4MpobPzzwCeLiolKq7hzthQKuWaLtLHmQIO > zVYAoOnEBvhNGxlPjIoptc7S5ueP2ev4 > =YNrJ > -END PGP SIGNATURE- > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] permission problems with avamis and Centos 6.3
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/24/2013 01:15 PM, Robert Moskowitz wrote: > Thank you for your suggestion, but it did not fix the permissions problem. > > On 01/24/2013 10:13 AM, Rob wrote: >> usermod -a -G amavis clam > > How is this different from: > > gpasswd -a clam amavis > > And I am still getting the permissions error. > >> service clamd restart >> >> be happy >> >> On 24.01.2013, at 04:16, Robert Moskowitz wrote: >> >>> I am trying to follow: >>> >>> http://wiki.centos.org/HowTos/Amavisd >>> >>> Which seems to really be written for Centos 5, with just some selinux >>> references for Centos 6. There are real problems here for Centos 6 >>> with the userids section. >>> >>> It gives the following command and result: >>> >>> cat /etc/passwd | grep "amavis\|clamav" clamav:x:101:102:Clam Anti >>> Virus Checker:/var/clamav:/sbin/nologin amavis:x:102:103:Amavis email >>> scan user:/var/amavis:/bin/sh >>> >>> But my Centos 6.3 has: >>> >>> clam:x:494:490:Clam Anti Virus Checker:/var/lib/clamav:/sbin/nologin >>> amavis:x:493:489::/var/spool/amavisd:/sbin/nologin >>> >>> Note the difference in userid clam instead of clamav. So this causes >>> problems with the group recommendation: >>> >>> In addition, the clamav user should automatically have been added to >>> the amavis group: >>> >>> # groups clamav clamav : clamav amavis >>> >>> If not, you can manually add clamav to the amavis group: >>> >>> gpasswd -a clamav amavis >>> >>> >>> so I did: >>> >>> gpasswd -a clam amavis >>> >>> >>> So far, it seems just changing what userid is now used by clamav... >>> >>> But in testing for spam I see the following in /var/log/maillog >>> >>> Jan 23 15:56:17 test1 amavis[25669]: (25669-01) (!)run_av >>> (ClamAV-clamd) FAILED - unexpected , >>> output="/var/spool/amavisd/tmp/amavis-20130123T155617-25669/parts: >>> lstat() failed: Permission denied. ERROR\n" >>> >>> I checked this directory tree and all along the tree the permissions >>> are to amavis:amavis >>> >>> So where is my permission problem? >>> >>> >>> ___ CentOS mailing list >>> CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos >> ___ CentOS mailing list >> CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos >> > > ___ CentOS mailing list > CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos > Can you attach the AVC messages from audit log. ausearch -m avc -ts recent -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlEBkB4ACgkQrlYvE4MpobPzzwCeLiolKq7hzthQKuWaLtLHmQIO zVYAoOnEBvhNGxlPjIoptc7S5ueP2ev4 =YNrJ -END PGP SIGNATURE- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] permission problems with avamis and Centos 6.3
On 24.01.2013, at 19:15, Robert Moskowitz wrote: > Thank you for your suggestion, but it did not fix the permissions problem. > > On 01/24/2013 10:13 AM, Rob wrote: >> usermod -a -G amavis clam > > How is this different from: > > gpasswd -a clam amavis > > And I am still getting the permissions error. > >> service clamd restart >> >> be happy >> >> On 24.01.2013, at 04:16, Robert Moskowitz wrote: >> >>> I am trying to follow: >>> >>> http://wiki.centos.org/HowTos/Amavisd >>> >>> Which seems to really be written for Centos 5, with just some selinux >>> references for Centos 6. There are real problems here for Centos 6 with >>> the userids section. >>> >>> It gives the following command and result: >>> >>> cat /etc/passwd | grep "amavis\|clamav" >>> clamav:x:101:102:Clam Anti Virus Checker:/var/clamav:/sbin/nologin >>> amavis:x:102:103:Amavis email scan user:/var/amavis:/bin/sh >>> >>> But my Centos 6.3 has: >>> >>> clam:x:494:490:Clam Anti Virus Checker:/var/lib/clamav:/sbin/nologin >>> amavis:x:493:489::/var/spool/amavisd:/sbin/nologin >>> >>> Note the difference in userid clam instead of clamav. So this causes >>> problems with the group recommendation: >>> >>> In addition, the clamav user should automatically have been added to the >>> amavis group: >>> >>> # groups clamav >>> clamav : clamav amavis >>> >>> If not, you can manually add clamav to the amavis group: >>> >>> gpasswd -a clamav amavis >>> >>> >>> so I did: >>> >>> gpasswd -a clam amavis >>> >>> >>> So far, it seems just changing what userid is now used by clamav... >>> >>> But in testing for spam I see the following in /var/log/maillog >>> >>> Jan 23 15:56:17 test1 amavis[25669]: (25669-01) (!)run_av (ClamAV-clamd) >>> FAILED - unexpected , >>> output="/var/spool/amavisd/tmp/amavis-20130123T155617-25669/parts: >>> lstat() failed: Permission denied. ERROR\n" >>> >>> I checked this directory tree and all along the tree the permissions are >>> to amavis:amavis >>> >>> So where is my permission problem? >>> >>> >>> ___ >>> CentOS mailing list >>> CentOS@centos.org >>> http://lists.centos.org/mailman/listinfo/centos >> ___ >> CentOS mailing list >> CentOS@centos.org >> http://lists.centos.org/mailman/listinfo/centos > What are the permission for /var/spool/amavisd. Did you try: service clam stop service clam start Instead of: restart? (it is not the same) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] permission problems with avamis and Centos 6.3
Thank you for your suggestion, but it did not fix the permissions problem. On 01/24/2013 10:13 AM, Rob wrote: > usermod -a -G amavis clam How is this different from: gpasswd -a clam amavis And I am still getting the permissions error. > service clamd restart > > be happy > > On 24.01.2013, at 04:16, Robert Moskowitz wrote: > >> I am trying to follow: >> >> http://wiki.centos.org/HowTos/Amavisd >> >> Which seems to really be written for Centos 5, with just some selinux >> references for Centos 6. There are real problems here for Centos 6 with >> the userids section. >> >> It gives the following command and result: >> >> cat /etc/passwd | grep "amavis\|clamav" >> clamav:x:101:102:Clam Anti Virus Checker:/var/clamav:/sbin/nologin >> amavis:x:102:103:Amavis email scan user:/var/amavis:/bin/sh >> >> But my Centos 6.3 has: >> >> clam:x:494:490:Clam Anti Virus Checker:/var/lib/clamav:/sbin/nologin >> amavis:x:493:489::/var/spool/amavisd:/sbin/nologin >> >> Note the difference in userid clam instead of clamav. So this causes >> problems with the group recommendation: >> >> In addition, the clamav user should automatically have been added to the >> amavis group: >> >> # groups clamav >> clamav : clamav amavis >> >> If not, you can manually add clamav to the amavis group: >> >> gpasswd -a clamav amavis >> >> >> so I did: >> >> gpasswd -a clam amavis >> >> >> So far, it seems just changing what userid is now used by clamav... >> >> But in testing for spam I see the following in /var/log/maillog >> >> Jan 23 15:56:17 test1 amavis[25669]: (25669-01) (!)run_av (ClamAV-clamd) >> FAILED - unexpected , >> output="/var/spool/amavisd/tmp/amavis-20130123T155617-25669/parts: >> lstat() failed: Permission denied. ERROR\n" >> >> I checked this directory tree and all along the tree the permissions are >> to amavis:amavis >> >> So where is my permission problem? >> >> >> ___ >> CentOS mailing list >> CentOS@centos.org >> http://lists.centos.org/mailman/listinfo/centos > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] permission problems with avamis and Centos 6.3
usermod -a -G amavis clam service clamd restart be happy On 24.01.2013, at 04:16, Robert Moskowitz wrote: > I am trying to follow: > > http://wiki.centos.org/HowTos/Amavisd > > Which seems to really be written for Centos 5, with just some selinux > references for Centos 6. There are real problems here for Centos 6 with > the userids section. > > It gives the following command and result: > > cat /etc/passwd | grep "amavis\|clamav" > clamav:x:101:102:Clam Anti Virus Checker:/var/clamav:/sbin/nologin > amavis:x:102:103:Amavis email scan user:/var/amavis:/bin/sh > > But my Centos 6.3 has: > > clam:x:494:490:Clam Anti Virus Checker:/var/lib/clamav:/sbin/nologin > amavis:x:493:489::/var/spool/amavisd:/sbin/nologin > > Note the difference in userid clam instead of clamav. So this causes > problems with the group recommendation: > > In addition, the clamav user should automatically have been added to the > amavis group: > > # groups clamav > clamav : clamav amavis > > If not, you can manually add clamav to the amavis group: > > gpasswd -a clamav amavis > > > so I did: > > gpasswd -a clam amavis > > > So far, it seems just changing what userid is now used by clamav... > > But in testing for spam I see the following in /var/log/maillog > > Jan 23 15:56:17 test1 amavis[25669]: (25669-01) (!)run_av (ClamAV-clamd) > FAILED - unexpected , > output="/var/spool/amavisd/tmp/amavis-20130123T155617-25669/parts: > lstat() failed: Permission denied. ERROR\n" > > I checked this directory tree and all along the tree the permissions are > to amavis:amavis > > So where is my permission problem? > > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
