Dennis Peterson wrote the following on 9/22/2007 1:59 PM -0800:
> Bill Landry wrote
>
>> I have 2 script users that created a unique a uid/gid pair for clamav,
>> then used the non-default uid/gid pair to build clamav and for clamd to
>> run under. However, these same 2 users are the only ones that I know of
>> that are experiencing the "ERROR: Can't write to temporary directory"
>> issue when running the script without first creating a temp directory,
>> setting the access permissions to the same uid/gid clamav was configured
>> to use, and then adding the "--tempdir=" to the clamscan directive in
>> the script.
>>
>> Also, both users are executing the script via cron under the root
>> account. So, what appears to be happening is that if someone uses a
>> unique uid/gid pair when configuring clamav, clamav is not setting that
>> uid/gid pair everywhere in the clamscan code, which is why I was
>> attempting to save the temp files to see what clamav was setting the
>> access permissions to. But alias, no such luck, as clamscan deletes the
>> temp file even when the "--leave-temps" flag is used... :-(
>>
>> Bill
>>
>>
>
> If those users are not root then any tmp files will be owned by the
> user. If you use truss or what ever tracing tool you have you can pipe
> to grep ^open to see what files are opened and where. Once you know this
> you can inspect the various locations to see if permissions are too
> strict. I did this earlier on one of my Solaris systems:
>
I understand, but in this case both users are executing the script via
cron under the root account. I have also had both users su to root and
try manually executing:
clamscan -d /var/tmp/rsync/MSRBL-Images.hdb - < /dev/null
and still they get the "ERROR: Can't write to temporary directory".
However, like I said, if they create a temporary directory and apply
access permissions for the same uid/gid they configured clamav to use,
and then add the "--tempdir=" flag as follows:
clamscan --tempdir=/path/to/temp-dir -d
/var/tmp/rsync/MSRBL-Images.hdb - < /dev/null
then all is well.
Bill
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
