Bill Landry wrote:
> Dennis Peterson wrote the following on 9/22/2007 12:40 PM -0800:
>> Bill Landry wrote:
>>
>>
>>> Thoughts anyone...?
>>>
>>> I would also still like to know if there is a way to determine the
>>> uid/gid set during ./configure after clamav has been installed and the
>>> original build directory deleted.
>>>
>>> Thanks,
>>>
>>> Bill
>>>
>> Unless you are running clamscan as root the owner will be whoever
>> started the process running regardless of the defined uid/gid.
>>
>> ./configure --help offers:
>>
>>   --with-user=uid     name of the clamav user (default=clamav)
>>   --with-group=gid    name of the clamav group (default=clamav)
>>   --disable-clamav    disable test for clamav user/group
>>
>> It is possible that the default user is undefined in the case where you
>> disable the test and allow using a non-existing account name.
>>
>
> I have 2 script users that created a unique uid/gid pair for clamav,
> then used the non-default uid/gid pair to build clamav and for clamd to
> run under. However, these same 2 users are the only ones that I know of
> that are experiencing the "ERROR: Can't write to temporary directory"
> issue when running the script without first creating a temp directory,
> setting the access permissions to the same uid/gid clamav was configured
> to use, and then adding the "--tempdir=" to the clamscan directive in
> the script.
>
> Also, both users are executing the script via cron under the root
> account. So, what appears to be happening is that if someone uses a
> unique uid/gid pair when configuring clamav, clamav is not setting that
> uid/gid pair everywhere in the clamscan code, which is why I was
> attempting to save the temp files to see what clamav was setting the
> access permissions to. But alas, no such luck, as clamscan deletes the
> temp file even when the "--leave-temps" flag is used... :-(
>
> Bill
>
If those users are not root then any tmp files will be owned by the
user. If you use truss or whatever tracing tool you have you can pipe
to grep ^open to see what files are opened and where. Once you know this
you can inspect the various locations to see if permissions are too
strict. I did this earlier on one of my Solaris systems:

    truss clamscan clam.exe >/tmp/truss.out 2>&1

I got this when I searched for ^open:

    awk '/^open/ {print $1}' /tmp/truss.out|sort -u

open("/usr/lib/libbz2.so.1",
open("/usr/lib/libc.so.1",
open("/usr/lib/libdl.so.1",
open("/usr/lib/libgcc_s.so.1",
open("/usr/lib/libmp.so.2",
open("/usr/lib/libnsl.so.1",
open("/usr/lib/libpthread.so.1",
open("/usr/lib/libsocket.so.1",
open("/usr/lib/libthread.so.1",
open("/usr/local/etc/clamd.conf",
open("/usr/local/lib/libbz2.so.1",
open("/usr/local/lib/libc.so.1",
open("/usr/local/lib/libclamav.so.2",
open("/usr/local/lib/libgcc_s.so.1",
open("/usr/local/lib/libgmp.so.3",
open("/usr/local/lib/libiconv.so.2",
open("/usr/local/lib/libnsl.so.1",
open("/usr/local/lib/libpcre.so.0",
open("/usr/local/lib/libpcreposix.so.0",
open("/usr/local/lib/libpthread.so.1",
open("/usr/local/lib/libsocket.so.1",
open("/usr/local/lib/libz.so",
open("/usr/local/share/clamav",
open("/usr/local/share/clamav/.dbLock",
open("/usr/local/share/clamav/MSRBL-Images.hdb",
open("/usr/local/share/clamav/MSRBL-SPAM.ndb",
open("/usr/local/share/clamav/daily.inc",
open("/usr/local/share/clamav/daily.inc/.dbLock",
open("/usr/local/share/clamav/daily.inc/daily.cfg",
open("/usr/local/share/clamav/daily.inc/daily.db",
open("/usr/local/share/clamav/daily.inc/daily.fp",
open("/usr/local/share/clamav/daily.inc/daily.hdb",
open("/usr/local/share/clamav/daily.inc/daily.hdu",
open("/usr/local/share/clamav/daily.inc/daily.mdb",
open("/usr/local/share/clamav/daily.inc/daily.mdu",
open("/usr/local/share/clamav/daily.inc/daily.ndb",
open("/usr/local/share/clamav/daily.inc/daily.ndu",
open("/usr/local/share/clamav/daily.inc/daily.pdb",
open("/usr/local/share/clamav/daily.inc/daily.wdb",
open("/usr/local/share/clamav/daily.inc/daily.zmd",
open("/usr/local/share/clamav/main.cvd",
open("/usr/local/share/clamav/phish.ndb",
open("/usr/local/share/clamav/scam.ndb",
open("/usr/local/share/clamav/vx.hdb",
open("/usr/local/ssl/lib/libc.so.1",
open("/usr/platform/SUNW,UltraSPARC-IIi-cEngine/lib/libc_psr.so.1",
open("/var/ld/ld.config",
open("/var/tmp//clamav-f90088fbc83891f9e230bfcfab5b3884",
open("/var/tmp//clamav-f90088fbc83891f9e230bfcfab5b3884/COPYING",
open("/var/tmp//clamav-f90088fbc83891f9e230bfcfab5b3884/main.db",
open("/var/tmp//clamav-f90088fbc83891f9e230bfcfab5b3884/main.fp",
open("/var/tmp//clamav-f90088fbc83891f9e230bfcfab5b3884/main.hdb",
open("/var/tmp//clamav-f90088fbc83891f9e230bfcfab5b3884/main.info",
open("/var/tmp//clamav-f90088fbc83891f9e230bfcfab5b3884/main.mdb",
open("/var/tmp//clamav-f90088fbc83891f9e230bfcfab5b3884/main.ndb",
open("/var/tmp//clamav-f90088fbc83891f9e230bfcfab5b3884/main.zmd",
open("/var/tmp/clamav-f90088fbc83891f9e230bfcfab5b3884/.dbLock",
open("clam.exe",
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
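
Added example, not part of the original messages: a shell sketch of the trace-then-inspect approach described in the last reply, narrowed to the opens that failed with a permission error so the directories worth checking stand out. It assumes truss-style lines in which a failed call ends in "Err#13 EACCES"; the function names and the sample trace are constructed for illustration.

```shell
#!/bin/sh
# Added example: works on a saved trace such as the one produced by
#   truss clamscan clam.exe >/tmp/truss.out 2>&1

# Read trace lines on stdin, print the unique path argument of each
# open()/open64() call, collapsing doubled slashes (/var/tmp//x).
open_args() {
    sed -n 's/^open[0-9]*("\([^"]*\)".*/\1/p' | sed 's#//*#/#g' | sort -u
}

# Every path the process tried to open.
opened_paths() { open_args <"$1"; }

# Only the paths whose open failed with EACCES (permission denied).
denied_paths() { grep 'EACCES' "$1" | open_args; }

# Parent directories of the denied paths: the places to inspect.
denied_dirs() {
    denied_paths "$1" | while IFS= read -r p; do dirname "$p"; done | sort -u
}

# Numeric owner, group and mode of each of those directories, for
# comparison with the uid/gid the scanner actually runs as.
show_perms() {
    denied_dirs "$1" | while IFS= read -r d; do
        if [ -d "$d" ]; then ls -ldn "$d"; else echo "missing: $d"; fi
    done
}

# Constructed sample trace (not real output) for trying the functions.
write_sample_trace() {
    cat >"$1" <<'EOF'
stat("/var/tmp", 0xFFBFF8A0)                           = 0
open("/usr/local/etc/clamd.conf", O_RDONLY)            = 3
open("/var/ld/ld.config", O_RDONLY)                    Err#2 ENOENT
open("/var/tmp//clamav-0000example/main.db", O_WRONLY|O_CREAT|O_TRUNC, 0644) Err#13 EACCES
open("/var/tmp/clamav-0000example/.dbLock", O_WRONLY|O_CREAT, 0640) Err#13 EACCES
open("clam.exe", O_RDONLY)                             = 4
EOF
}

# With a trace file as first argument, report the directories to check.
if [ -n "${1:-}" ]; then show_perms "$1"; fi
```

Run it as "sh script.sh /tmp/truss.out" and compare the numeric owner and group in the listing with the account the cron job runs clamscan under.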