Hi,

>> clamd runs as user amavis.amavis, which is who should own
>> /var/lib/clamav and the files within, correct? And
>> /var/lib/clamav-unofficial-sigs is owned by clamupdate.clamupdate.
>>
>> freshclam.conf has the database owner set to amavis.
>
> I actually just finished a from-scratch setup like this, however, I'd recommend not
> changing the default permissions/ownership of package files. I'd put all the ClamAV stuff
> back to its original ownership, add the user clamd runs as to the amavis group, and set
> the "AllowSupplementalGroups" option to "yes" in the clamd.conf file. For the places where
> they interact, you then just need to make sure the amavis directories are accessible by
> the amavis group.

I've enabled AllowSupplementalGroups, and the DatabaseOwner is
clamupdate, as per the default. I've also added amavis (the clamd
user) to the clamupdate group.

However, freshclam still fails to communicate with clamd with
"connect(): Permission denied" because the socket is owned by amavis.

# ls -l /var/spool/amavisd/clamd.sock
srw-rw-rw- 1 amavis amavis 0 Nov 21 23:28 /var/spool/amavisd/clamd.sock

# grep clam /etc/group /etc/passwd
/etc/group:clamupdate:x:498:amavis
/etc/passwd:clamupdate:x:498:498:Clamav database update user:/var/lib/clamav:/bin/bash

# ls -ld /var/lib/clamav*
drwxr-xr-x. 2 clamupdate clamupdate 4096 Nov 24 00:45 /var/lib/clamav
drwxr-xr-x. 9 clamupdate clamupdate 4096 Nov 18 00:45 /var/lib/clamav-unofficial-sigs

I'd really appreciate if someone had some ideas to share on how to
resolve these permissions issues.

Thanks,
Alex
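
Connecting to a Unix socket needs write permission on the socket and search (execute) permission on every directory above it, and the listing in the message shows only the socket's own mode. The script below is an added example, not part of the original message: it reports which parent directories a given user cannot traverse. It evaluates classic mode bits only (no ACLs or SELinux), and the function names are hypothetical.

```python
import os
import stat


def has_search(st, uid, gids):
    """Owner/group/other check for the search (execute) bit on a directory."""
    if uid == 0:
        return True  # root bypasses mode bits
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)


def blocked_dirs(path, uid, gids):
    """Return every directory above `path` that uid/gids cannot traverse,
    ordered from the filesystem root downwards."""
    blocked = []
    current = os.path.dirname(os.path.realpath(path))
    while True:
        if not has_search(os.stat(current), uid, gids):
            blocked.append(current)
        parent = os.path.dirname(current)
        if parent == current:  # reached the root
            break
        current = parent
    return blocked[::-1]


if __name__ == "__main__":
    import pwd
    import sys

    # Usage: script.py <user> <socket path>, e.g. the freshclam user and
    # the clamd socket path from clamd.conf.
    user, target = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    for d in blocked_dirs(target, pw.pw_uid, gids):
        print(f"{user} cannot traverse {d}")
```

Run it as root so that every directory on the path can be stat'ed.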