Dear Dario Lesca,

Dario Lesca wrote:
| A strange question:

I think my answer will be even stranger..... WHY?

|
| 1) Process /usr/sbin/clamd run with user qscand
| # ps -fe |grep clamd
| qscand 32117 1 0 19:19 ? 00:00:00 /usr/sbin/clamd

clamd can be run by almost anyone. The application by default changes the user based on the config file for clamd after starting. This was so a user could not crash clamav and gain root privileges. (At least I think that was the reasoning)

|
| 2) User "qscand" have this ID:
| # id qscand
| uid=111(qscand) gid=111(qscand) gruppi=111(qscand),46(clamav)
|
| 3) the log file have this permission:
| # ll /var/log/clamav/clamd.log
| -rw-r----- 1 clamav clamav 2581 14 set 19:19 /var/log/clamav/clamd.log
|
| 4) When I restart the process the message logs enter in to clamd.log
| file
| # date
| mar set 14 19:33:58 CEST 2004
| # service clamd restart
| Stopping Clam AV daemon: [ OK ]
| Starting Clam AV daemon: [ OK ]
| # tail -1 /var/log/clamav/clamd.log
| Tue Sep 14 19:34:02 2004 -> Self checking every 3600 seconds.
|
| Question: How can the process /usr/sbin/clamd write in this file???

Look at the configuration file!!!

|
| On RedHat 9 the process it does not succeed to write in to file
| clamd.log since I do a "chmod g+w clamd.log"
|
| Please .... some suggest...
|
| Many thanks
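Added example, not part of the original message: the classic Unix owner/group/other check applied to the `id qscand` and `ll` output quoted above, showing that the listed mode denies qscand write access to clamd.log and that `chmod g+w` grants it. The uid of clamav does not appear in the message and is a constructed value; ACLs, capabilities and root are ignored.

```python
# Values taken from the quoted `id qscand` output.
QSCAND_UID = 111
QSCAND_GIDS = {111, 46}          # qscand, clamav
CLAMAV_GID = 46
CLAMAV_UID = 46                  # constructed: not shown in the message


def parse_mode(ls_mode):
    """Convert an ls-style string such as '-rw-r-----' to permission bits."""
    bits = 0
    for i, ch in enumerate(ls_mode[1:10]):
        # 'S' and 'T' mark setuid/setgid/sticky without the execute bit.
        if ch not in "-ST":
            bits |= 1 << (8 - i)
    return bits


def may_access(uid, gids, st_uid, st_gid, mode, want):
    """Permission check the kernel applies at open() for a non-root process.

    Exactly one class is consulted: owner, else group, else other.
    There is no fall-through to a more permissive class.
    """
    if uid == st_uid:
        shift = 6
    elif st_gid in gids:
        shift = 3
    else:
        shift = 0
    granted = (mode >> shift) & 0o7
    needed = sum({"r": 4, "w": 2, "x": 1}[c] for c in set(want))
    return granted & needed == needed


def log_writable_by_qscand(ls_mode):
    """Could qscand open clamd.log for writing with this mode string?"""
    return may_access(QSCAND_UID, QSCAND_GIDS, CLAMAV_UID, CLAMAV_GID,
                      parse_mode(ls_mode), "w")


if __name__ == "__main__":
    for label, mode in (("as listed", "-rw-r-----"),
                        ("after chmod g+w", "-rw-rw----")):
        print(f"{label:16} {mode}  qscand can open for write: "
              f"{log_writable_by_qscand(mode)}")
```

The check is made when a file is opened, so a descriptor opened before a process changes user remains usable afterwards; the example makes no claim about when clamd opens its log.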