rc.local question/problem

Paul Allen Newell pnewell at cs.cmu.edu
Sun Jul 3 05:24:26 UTC 2011 

inline and at tail ...

On 7/2/2011 9:45 PM, Cameron Simpson wrote:
> On 02Jul2011 20:40, Paul Allen Newell<pnewell at cs.cmu.edu>  wrote:
> [...] Am I mistaken in thinking that I
> | can run any *.sh file in ~root in rc.local and it will be run as root
> | (meaning no permission problems).
>
> That should be the case. (Of course, SELinux can break anything - if you
> run out of ideas you could turn it off to see if the behaviour changes.)

Will respond via Joe Zeff's email ...
> | Line in /etc/rc.d/rc.local:
> | /root/virus-scan.sh>  /dev/null 2>&1
>
> Throwing away the output will not help your diagnosis. Try this:
>
>    /root/virus-scan.sh>/root/rc-local-virus.out 2>/root/rc-local-virus.err
>
> and see what shows up.

See attachment for both *.out and *.err, plus the actual virus-scan.sh 
script and the rc.local file


> | Summary of version in ~root/virus-scan.sh
> | #!/bin/sh
> | COMMON_DIRS="/home /tmp" # skipping all /bin /sbin et al for this test
> | /usr/bin/clamscan -ri $COMMON_DIRS --log="/var/log/clamscan.log"
> |
> | Contents of log show /home as "can't open" and certain files in /tmp as
> | "Permission denied"
>
> Weird.
>
> Try putting some stuff at the start of virus-scan.sh:
>
>    set -x
>    pwd
>    id
>
> You can then verify that it is running as root and where.
> The -x will let you check the command line of clamscan is correct.

In *.out and *.err attachments
> Thought: is clamscan setuid or something?
>
> If you get nowhere there, try stracing the clamscan run:
>
>    strace -e trace=file /usr/bin/clamscan ...args..here...  2>/root/strace.out
>
> and you should get to see exactly what clamscan is doing, filewise.
>
> Cheers,

Not certain about this last bit .. are your suggesting that I put the 
strace command in the rc.local? As for the "setuid" comment, I need to 
plead ignorance and ask not only for a bit of education about what you 
are saying but a guide as to how to ascertain what you are questioning.

Thanks,
Paul
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: virus-scan.sh
Url: http://lists.fedoraproject.org/pipermail/users/attachments/20110702/c78f9389/attachment.pl 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: rc.local
Url: http://lists.fedoraproject.org/pipermail/users/attachments/20110702/c78f9389/attachment-0001.pl 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: rc-local-virus.err
Url: http://lists.fedoraproject.org/pipermail/users/attachments/20110702/c78f9389/attachment-0002.pl 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: rc-local-virus.out
Url: http://lists.fedoraproject.org/pipermail/users/attachments/20110702/c78f9389/attachment-0003.pl

More information about the users mailing list