Strange question on file permission
James Kosin
jkosin at beta.intcomgrp.com
Tue Sep 14 18:32:25 UTC 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear Dario Lesca,
Dario Lesca wrote:
| A strange question:
I think my answer will be even stranger..... WHY?
|
| 1) Process /usr/sbin/clamd run with user qscand
| # ps -fe |grep clamd
| qscand 32117 1 0 19:19 ? 00:00:00 /usr/sbin/clamd
clamd can be run by almost anyone. The application by default changes
the user based on the config file for clamd after starting. This was so
a user could not crash clamav and gain root privilages. (At least I
think that was the reasoning)
|
| 2) User "qscand" have this ID:
| # id qscand
| uid=111(qscand) gid=111(qscand) gruppi=111(qscand),46(clamav)
|
| 3) the log file have this permission:
| # ll /var/log/clamav/clamd.log
| -rw-r----- 1 clamav clamav 2581 14 set 19:19 /var/log/clamav/clamd.log
|
| 4) When i restart the process the message logs enter in to clamd.log
| file
| # date
| mar set 14 19:33:58 CEST 2004
| # service clamd restart
| Stopping Clam AV daemon: [ OK ]
| Starting Clam AV daemon: [ OK ]
| # tail -1 /var/log/clamav/clamd.log
| Tue Sep 14 19:34:02 2004 -> Self checking every 3600 seconds.
|
| Question: How can the process /usr/sbin/clamd write in this file???
Look at the configuration file!!!
|
| On RedHat 9 the process it does not succeed to write in to file
| clamd.log since i do a "chmod g+w clamd.log"
|
| Please .... some suggest...
|
| Many thanks
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBRzk4c7lFLjBWKW0RArr1AJ0TIz81OyEHucxom/RGSD2H3kjGMgCglcUc
w45xQGK1CNWlBG5PC7lZRSA=
=Pfim
-----END PGP SIGNATURE-----
More information about the users
mailing list