0

I want to start clamd normally as a root user, and assign the local socket to be used by Qmail-Scanner (only). clamd runs as user/group clamav, qmail-scanner-queue as qscand.

$ id -nG clamav
clamav qscand
$ id -nG qscand
qscand

clamd.conf as follows:

$ cat /usr/local/etc/clamd.conf
LocalSocket /tmp/clamav/clamd.socket
LocalSocketGroup qscand
LocalSocketMode 660
User clamav

When I try to start clamd, after a few seconds I get:

# ls -l /tmp/clamav
total 0
# clamd
ERROR: Failed to change socket ownership to group qscand
# ls -l /tmp/clamav
total 0
s--------- 1 clamav clamav 0 2012-12-11 15:57 clamd.socket=
# sudo -u clamav clamd
# ls -l /tmp/clamav
total 0
srw-rw---- 1 clamav qscand 0 2012-12-11 15:57 clamd.socket=

See the funny trick I have to play?

If I start it as root, the program doesn't know after dropping privileges that its effective user is a member of the needed group. But if I start it as user clamav, it works!

I'm using an older linux (Slackware 11.0.0) so after reading docs, and compiling test code, I'm beginning to suspect a library issue with that distribution. Searches reveal people encountering this error in 2010, but no definitive solutions.

Can anyone confirm that clamav should work the way I expect? Or show me the error of my ways ...

dmaestro12
  • 172
  • 1
  • 7
  • It does happen to work great when I start using 'sudo -u' as above - all the configuration and other installation appear fine. – dmaestro12 Dec 12 '12 at 13:09

1 Answers1

1

I now have the configuration exactly as I wish. The behavior is by design; why, I am not sure. Anyway enabling the option "AllowSupplementaryGroups" solved my issue:

$ cat /usr/local/etc/clamd.conf
LocalSocket /tmp/clamav/clamd.socket
LocalSocketGroup qscand
LocalSocketMode 660
User clamav
AllowSupplementaryGroups yes

Now root can start the server without any special tricks.

dmaestro12
  • 172
  • 1
  • 7