On Thu, Jun 09, 2005 at 09:19:22AM +0100, Matt Fretwell said:
Steve Brown wrote:
It would appear that maybe privileges are being dropped too quickly
because with today's cvs I'm getting permission denied on /dev/stderr
with perms = rw--- root.root. It was fine (and still is) on cvs from
a few days ago.
Yes, that is the problem. This does however fix the problem of clamav
opening all it's descriptors (including the logfile) as root, breaking
permissions for anything else that needs to write to the logfile.
Try starting it as the user it runs as, e.g.,
su -c /usr/sbin/clamd - clamav
Probably the correct fix for this is to close all descriptors just
before dropping priviledges, and then reopen them after.
Unless I am very much mistaken, the perms on stderr should be 666.
I doubt that - 0600 is much more reasonable. Why would you want your
stderr stream (or root's) to be world writable? Some distros do use
640 $USER:tty, but I would be surprised if anybody sets it up as 666 by
default.
--
--
| Stephen Gran | Woman was God's second mistake. --|
| [EMAIL PROTECTED] | Nietzsche |
| http://www.lobefin.net/~steve | |
--
pgpEu2i72RwWS.pgp
Description: PGP signature
___
http://lurker.clamav.net/list/clamav-users.html
