Stephen Gran wrote:
> I have to say that's very strange. Can you strace a startup of
> freshclam for me? I don't remember any umask calls in the database
> writing code, but maybe I'm missing something.
>
> Thanks,

Stephen,

Sorry for the delay on this (Christmas, New Year, etc.), but I finally had some time to do more debugging.

I did a purge of all clamav packages again and a fresh install. After a fresh install, I have the following:

# ls -ld /var/lib/clamav/
drwxr-xr-x 3 clamav clamav 67 2008-01-04 19:15 /var/lib/clamav/
# ls -l /var/lib/clamav/
-rw------- 1 clamav clamav   513074 2008-01-04 19:15 daily.cvd
-rw-r--r-- 1 root   root   11347852 2008-01-04 19:15 main.cvd
-rw------- 1 clamav clamav       52 2008-01-04 19:15 mirrors.dat

I stopped the running freshclam process with

/etc/init.d/clamav-freshclam stop

If I remove daily.cvd to force a fresh download and then run freshclam manually (as root), the permission on the newly downloaded file is correct (unlike the original right after install).

# ls -l /var/lib/clamav/
-rw-r--r-- 1 clamav clamav   513074 2008-01-04 19:19 daily.cvd
-rw-r--r-- 1 root   root   11347852 2008-01-04 19:15 main.cvd
-rw------- 1 clamav clamav      156 2008-01-04 19:19 mirrors.dat

So it doesn't look like a problem with freshclam itself. However, in /etc/init.d/clamav-freshclam, freshclam is started on line 197 with the command

=====
su "$DatabaseOwner" -p -s /bin/sh -c ". /lib/lsb/init-functions && start_daemon $DAEMON -d --quiet"
=====

$DatabaseOwner is "clamav", and I see the following behavior if I manually try that action broken up into several steps:

# id
uid=0(root) gid=0(root) groups=0(root)
# umask
0022
# su clamav -p -s /bin/sh
$ id
uid=108(clamav) gid=108(clamav) groups=108(clamav)
$ umask
0077

If I then remove daily.cvd and run freshclam from this clamav shell, the resulting daily.cvd has mode 600.

So the source of the problem appears to be the umask changing to 0077 when the script su's to the clamav user.
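
An added example, not part of the original message or of the clamav packaging: a shell sketch that reproduces the effect reported above, where a file created from a shell with umask 0077 ends up mode 600, and shows one possible remedy (an assumption, not the package's fix), namely setting the umask inside the command string handed to sh -c. The function names are hypothetical and all files are created in a temporary directory.

```shell
#!/bin/sh
# Constructed example: the umask of the launching shell decides the mode
# of files the child creates, as seen with daily.cvd in the report.

# perms_of FILE -> permission string as printed by ls -l, e.g. "-rw-r--r--"
perms_of() {
    ls -l "$1" | cut -c1-10
}

# create_with_umask OUTER [INNER]
# OUTER stands in for the umask of the shell that su hands to the service
# user. If INNER is given, the command string resets the umask before the
# file is created. Prints the permission string of the new file.
create_with_umask() {
    outer=$1
    inner=${2:-}
    dir=$(mktemp -d) || return 1
    (
        umask "$outer"
        if [ -n "$inner" ]; then
            sh -c "umask $inner && : > \"\$1\"" sh "$dir/daily.cvd"
        else
            sh -c ': > "$1"' sh "$dir/daily.cvd"
        fi
    )
    perms_of "$dir/daily.cvd"
    rm -rf "$dir"
}

# unreadable_by_others DIR -> names of regular files without the o+r bit,
# i.e. the files a scanner running under another account could not open.
unreadable_by_others() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        case $(perms_of "$f") in
            ???????r??) ;;            # world-readable
            *) basename "$f" ;;
        esac
    done
}

echo "inherited umask 0077:        $(create_with_umask 0077)"
echo "inherited umask 0022:        $(create_with_umask 0022)"
echo "0077 outside, 0022 in sh -c: $(create_with_umask 0077 0022)"
```

Running unreadable_by_others against a database directory lists the files that came out without the world-read bit, which is how the daily.cvd and mirrors.dat entries in the listings above would show up.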