Bug 1284253 - permissions on /var/run/clamd.scan directory should be 755 not 710
Keywords:
Status: CLOSED DUPLICATE of bug 787434
Alias: None
Product: Fedora
Classification: Fedora
Component: clamav
Version: 28
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Sergio Monteiro Basto
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2015-11-22 12:26 UTC by dan
Modified: 2018-07-18 01:11 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-07-18 01:11:09 UTC



Description dan 2015-11-22 12:26:42 UTC
Description of problem:  Freshclam does not provide a systemctl service file.  Additionally, the distributed clamd@.service and clamd@scan.service file structure does not seem to make sense.  And there is a permission issue with the directory containing the socket file which causes failures.

To work around this, create a /usr/lib/systemd/system/clam-freshclam.service file:

[Unit]
Description = freshclam scanner
After = network.target

[Service]
Type = forking
ExecStart = /usr/bin/freshclam -d -c 4
Restart = on-failure
PrivateTmp = true

[Install]
WantedBy=multi-user.target

There are two distributed clamd@*.service files, clamd@.service and clamd@scan.service.  clamd@.service is not a valid unit name.

clamd@scan.service seems to simply include clamd@.service and add an [Install] section.

On my system I enable and start clamd@scan.service.

Lastly, there is a directory permissions issue if the clamd socket file is created at /var/run/clamd.scan/clamd.sock as specified by /etc/clamd.d/scan.conf.  When /var/run/clamd.scan is created it is not world readable and executable by default.  This causes permission related issues until a chmod 755 /var/run/clamd.scan is run.

Please let me know if I can supply additional data.

Comment 1 Robert Scheck 2015-11-22 20:51:32 UTC
Is the cronjob shipped by default not good enough? And if so, why?

Comment 2 dan 2015-11-22 22:36:50 UTC
@Robert...for some reason my database was not updating and I overlooked the cronjob.  I will disable the freshclam systemd process, verify the cronjob and withdraw that part of this report for the time being.

Any thoughts on the structure of the clamd@scan and clamd@ service files and including setting the directory permission for the socket in the systemd file?

Comment 3 dan 2015-11-23 13:45:41 UTC
Suggested resolution for the permissions on /var/run/clamd.scan.

/etc/tmpfiles.d/clamd.scan.conf currently contains:

d /var/run/clamd.scan 0710 clamscan clamscan

This should be changed to:

d /var/run/clamd.scan 0755 clamscan clamscan
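
Added example, not part of the report or of the clamav package: a check that walks the directories leading to the clamd socket and names the first one a given user cannot traverse. With mode 0710 only the owner and members of the clamscan group pass; with 0755 every local account does. The function names and the `below` parameter are assumptions of this example, and only mode bits are evaluated (no ACLs or SELinux).

```python
import os
import stat
import sys
from pathlib import Path


def may_search(mode, owner_uid, owner_gid, uid, gids):
    """POSIX rule: exactly one class (owner, else group, else other) is consulted."""
    if uid == 0:
        return True  # root with default capabilities bypasses the search check
    if uid == owner_uid:
        return bool(mode & stat.S_IXUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IXGRP)
    return bool(mode & stat.S_IXOTH)


def first_blocked_dir(target, uid, gids, below=None):
    """Return the first directory leading to `target` that uid/gids cannot
    traverse, or None if all are traversable. When `below` is given, only
    directories strictly under it are checked."""
    for d in reversed(Path(target).parents):  # "/" first, socket's directory last
        if below is not None and Path(below) not in d.parents:
            continue
        st = os.stat(d)
        if not may_search(st.st_mode, st.st_uid, st.st_gid, uid, gids):
            return str(d)
    return None


if __name__ == "__main__":
    # Socket path taken from the report; pass another path as argv[1].
    sock = sys.argv[1] if len(sys.argv) > 1 else "/var/run/clamd.scan/clamd.sock"
    gids = set(os.getgroups()) | {os.getegid()}
    try:
        blocked = first_blocked_dir(sock, os.geteuid(), gids)
    except OSError as exc:
        sys.exit(f"cannot stat a directory on the path: {exc}")
    print(f"blocked at {blocked}" if blocked else "every directory is traversable")
```

Run it as the account that fails to connect to see whether /var/run/clamd.scan is the directory that denies access.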

Comment 4 dan 2015-11-27 14:04:51 UTC
Updated title to reflect current outstanding issue.

Comment 5 Fedora End Of Life 2016-07-19 19:59:32 UTC
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

Comment 6 Sergio Monteiro Basto 2017-12-24 15:59:30 UTC
to review

Comment 7 Fedora End Of Life 2018-02-20 15:28:16 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 28 development cycle.
Changing version to '28'.

Comment 8 Sergio Monteiro Basto 2018-07-18 01:11:09 UTC
Latest conclusions and resume starts here: https://bugzilla.redhat.com/show_bug.cgi?id=787434#c47

*** This bug has been marked as a duplicate of bug 787434 ***

