Hi Stephen, Thanks for the answers!
On Sun, Jun 22, 2008 at 01:29:31AM +0100, Stephen Gran wrote: > This one time, at band camp, Jeff Dairiki said: > > > > It seems that su fails if there is no controlling terminal. This > > was making it impossible to successfully run, e.g., > > 'invoke-rc.d clamav-daemon restart' from a cron script. > > su fails without a controlling terminal? That's the first I've heard of > this, and I see it in other maintainer scripts run from cron, so I'm not > sure that's accurate. If you have a repeatable test case, can you file > a bug with steps to reproduce? Upon further investigation, they root of my problem was that the cron job was already running as user 'clamav' when it tried to invoke 'invoke-rc.d clamav-daemon restart'. Now, since we're not root, su tried to ask for a password (even though we're trying to su to ourself) --- that's when it failed with a "no controlling terminal" message. > > > So, my question is: why the su command is there and is it essential? > > > > I am interested in the answer to this question as well. It appears that > > clamd changes its uid all by itself, even when run (as root) without su. > > Is there some reason that the su is necessary? > > It does, but they've change the order of startup events several times > during development, and at some points it would do things like create > it's socket, pidfile or logfile, or read databases in before dropping > privileges. I think most of the ordering issues are worked out now, > but given the security record, I'd prefer to have clamd do nothing as > root if at all possible. Aha. That makes sense, I guess. Would you be amenable to changing the init script so that it checks the current user and does the su only if [ "$(whoami)" != "$User" ]? (Or maybe only if [ "$UID" = "0" ].) Jeff -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
