Strange question on file permission
d.lesca at solinos.it
Tue Sep 14 22:09:00 UTC 2004
James Kosin disse:
> clamd can be run by almost anyone. The application by default changes
> the user based on the config file for clamd after starting. This was so
> a user could not crash clamav and gain root privilages. (At least I
> think that was the reasoning)
Yes, the application start whit root permission and then change the user
whit a new user based on the config file, this is my setting:
[root at sisborgo log]# grep -i user /etc/clamav.conf
# Run as selected user (clamd must be started by root).
therefore the application run whit permission of user "qscand" and NOT the
user "clamav", owner of file clamav.log
[root at sisborgo log]# ps -fea|grep clamd
qscand 2840 1 0 Sep13 ? 00:00:05 /usr/sbin/clamd
[root at sisborgo log]# lsof -u qscand|grep clamd.log
clamd 2840 qscand 3w REG 58,3 5413 60860 \
[root at sisborgo log]# ls -l /var/log/clamav/clamd.log
-rw-r----- 1 clamav clamav 5413 14 set 21:58 /var/log/clamav/clamd.log
then: the process "clamd" running with permission of user "qscand" write
the clamd.log file with the write permission only for user "clamav".
> | Question: How can the process /usr/sbin/clamd write in this file???
> Look at the configuration file!!!
Into configuration files I have found that the process run whit permission
of user "qscand" and clamd would not have to be able to write into
Probably the file clamd.log is opened when the user is "root", before
modifying the user from "root" to "qscand".
If I ask to process to re-opening log file (killall -HUP clamd, for log
rotation) the file it does not opened.
Therefore the lsof tell lies!
the clamd.log file is non opened from "qscand" but "root" ... this could
be a problem?
Many thanks, and sorry for my bad english
More information about the users