On Sun, Jun 22, 2008 at 12:05:33PM +0100, Stephen Gran wrote: > This one time, at band camp, Jeff Dairiki said: > > > > Upon further investigation, they root of my problem was that the cron > > job was already running as user 'clamav' when it tried to invoke > > 'invoke-rc.d clamav-daemon restart'. Now, since we're not root, su > > tried to ask for a password (even though we're trying to su to > > ourself) --- that's when it failed with a "no controlling terminal" > > message.
> > Would you be amenable to changing the init script so that it checks > > the current user and does the su only if [ "$(whoami)" != "$User" ]? > > (Or maybe only if [ "$UID" = "0" ].) > > Hmm, I am hoping to avoid adding complexity to the scripts, if I can > help it - they are already fairly baroque in some places :) I'm > assuming this invoke-rc.d call happens in a longer script that you don't > want running as root? You assume correctly. The script checks for and downloads various updated virus databases, and SIGUSR2s clamd if any dbs have been updated. Then it checks clamd's memory usage and restarts it if its RSS has increased past a configured threshold. (Sometimes when clamd reloads its database, its memory usage will aproximately double. This is apparently associated with memory/heap fragmentation. See https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1028 .) > If it's the only thing it does, it would be > easier on me if you just changed it to run as root, but if it does a > bunch of other things, of course that's harder. The part of the cron job which downloads the updated virus dbs, obviously, should not run as root. It's nice to check clamd's RSS from the same script, since the big jumps in RSS are associated with database reloads. I could split my cron script into two parts, one which runs as root, and one which runs as clamav. In all honesty though, out of laziness, I'll probably just continue to manually edit the su out of the clamav-daemon init script. Thanks! Jeff Dairiki -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
