robert wrote: > Thank you for such a detailed response John. Unfortunately, an sgid based > solution may not be practical for KlamAV - since the scanner is currently > external to KlamAV (i.e. clamd) and only the source distribution could be > sure of altering the permissions on the binary at install stage. (Unless I'm > missing a trick!) > > So it does sound that the simplest and safest solution is to access dazuko as > root - less user friendly, but definitely safer until I figure a good way of > implementing your recommendation.
I'm not familiar with KlamAV, its relationship to clamd, or how the packages you are refering to are installed. But I don't see why you can't change the permissions of clamd during KlamAV installation. KlamAV could even check to make sure that the permissions are set "correctly" when starting. This is surely easier than trying to run everything as root. I would expect the current clamav (specifically clamuko) maintainer(s) to share your goal of supporting a non-priveledged on-access scanner. Perhaps you can discuss this with them. ?? John Ogness -- Dazuko Maintainer _______________________________________________ Dazuko-devel mailing list [email protected] http://lists.nongnu.org/mailman/listinfo/dazuko-devel
