-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2/11/2016 3:54 AM, Bill Maidment wrote: > > -----Original message----- >> From:Richard Laager <[email protected]> Sent: Thursday 11th >> February 2016 18:22 To: [email protected] >> Subject: Re: [Mimedefang] Permissions on /varspool/MIMEDefang >> >> On 02/10/2016 11:01 PM, Bill Maidment wrote: >>> Hi After your most recent release I have had problems with the >>> permissions on /var/spool/MIMEDefang being reset to 0750 after >>> a reboot. I need the permission to be 0770 to allow for clamd >>> scanner to use the directory. I eventually discovered this line >>> in /usr/lib/tmpfiles.d/mimedefang.conf z >>> /var/spool/MD-Quarantine 0750 defang defang - - >> >> `grep -r tmpfiles.d mimedefang-2.78` returns nothing for me. Are >> you sure this isn't coming from your distro's package of >> MIMEDefang? >> > > It may be coming from EPEL (the packager), but the file is > mimedefang.conf not mimedefang-2.78 > >> Also, /var/spool/MIMEDefang and /var/spool/MD-Quarantine aren't >> the same thing. >> > > I meant /var/spool/MIMEDefang > >> And in any event, why would clamd need to write to >> /var/spool/MIMEDefang? >> > > It's where clamd@scan wants to store the clamd.sock when > communicating with mimedefang.
In /etc/sysconfig/mimedefang, what's the current setting for MD_ALLOW_GROUP_ACCESS? If group access is currently not allowed, then working files created by MIMEDefang will not be created group readable irrespective of spool directory permissions. I recommend configuring MIMEDefang to use the default ClamAV socket file location, adding the clam user (clam or clamav usually) to the "defang" group and enabling AllowSupplementaryGroups in clamd.conf; that way MIMEDefang and ClamAV can easily be independently updated without clobbering each other. - ---- Nels Lindquist -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (MingW32) iEYEARECAAYFAla+EH8ACgkQh6z5POoOLgRWEgCgyrJuALyLd+Z4GD9wSF8ZlX4H omsAn0rrvWueC5gdXAkvLjLfDnxirCQ3 =PYWS -----END PGP SIGNATURE----- _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
