Bug 1284253 - permissions on /var/run/clamd.scan directory should be 755 not 710
Status: CLOSED EOL
Product: Fedora
Classification: Fedora
Component: clamav
Version: 22
Hardware: x86_64 Linux
Priority: unspecified
Severity: medium
Assigned To: Nick Bebout
QA Contact: Fedora Extras Quality Assurance
Reported: 2015-11-22 07:26 EST by dan
Modified: 2016-07-19 15:59 EDT
Last Closed: 2016-07-19 15:59:32 EDT
Type: Bug
Description dan 2015-11-22 07:26:42 EST
Description of problem:  Freshclam does not provide a systemctl service file.  Additionally, the distributed clamd@.service and clamd@scan.service file structure does not seem to make sense.  And there is a permission issue with the directory containing the socket file which causes failures.

To work around, create a /usr/lib/systemd/system/clam-freshclam.service file:

[Unit]
Description = freshclam scanner
After = network.target

[Service]
Type = forking
ExecStart = /usr/bin/freshclam -d -c 4
Restart = on-failure
PrivateTmp = true

[Install]
WantedBy=multi-user.target

There are two clamd@*.service files distributed, clamd@.service and clamd@scan.service.  clamd@.service is not a valid unit name.

clamd@scan.service seems to simply include clamd@.service and add an [Install] section.

On my system I enable and start clamd@scan.service.

Lastly, there is a directory permissions issue if the clamd socket file is created at /var/run/clamd.scan/clamd.sock as specified by /etc/clamd.d/scan.conf.  When /var/run/clamd.scan is created it is not world readable and executable by default.  This causes permission-related issues until a chmod 755 /var/run/clamd.scan is run.

Please let me know if I can supply additional data.
Comment 1 Robert Scheck 2015-11-22 15:51:32 EST
Is the cronjob shipped by default not good enough? And if so, why?
Comment 2 dan 2015-11-22 17:36:50 EST
@Robert...for some reason my database was not updating and I overlooked the cronjob.  I will disable the freshclam systemd process, verify the cronjob and withdraw that part of this report for the time being.

Any thoughts on the structure of the clamd@scan and clamd@ service files and including setting the directory permission for the socket in the systemd file?
Comment 3 dan 2015-11-23 08:45:41 EST
Suggested resolution for the permissions on /var/run/clamd.scan.

/etc/tmpfiles.d/clamd.scan.conf currently contains:

d /var/run/clamd.scan 0710 clamscan clamscan

This should be changed to:

d /var/run/clamd.scan 0755 clamscan clamscan
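
Added example, not part of the original report or of the clamav package: a small Python check that parses the two tmpfiles.d lines quoted in Comment 3 and shows which accounts get search (x) permission on /var/run/clamd.scan, which is what a client needs to reach clamd.sock. The accounts "mailfilter" and "localuser" are hypothetical, and root and capability overrides are not modelled.

```python
import stat
from typing import NamedTuple

class DirEntry(NamedTuple):
    path: str
    mode: int
    owner: str
    group: str

def parse_tmpfiles_dir(line: str) -> DirEntry:
    """Parse a tmpfiles.d 'd' line: type, path, mode, user, group."""
    fields = line.split()
    if len(fields) < 5 or fields[0] != "d":
        raise ValueError(f"not a complete 'd' entry: {line!r}")
    return DirEntry(fields[1], int(fields[2], 8), fields[3], fields[4])

def access_class(entry: DirEntry, user: str, groups: set) -> str:
    """The kernel applies exactly one class: owner, else group, else other."""
    if user == entry.owner:
        return "owner"
    if entry.group in groups:
        return "group"
    return "other"

def can_traverse(entry: DirEntry, user: str, groups: set) -> bool:
    """True if the user holds the search (x) bit on the directory."""
    bit = {"owner": stat.S_IXUSR, "group": stat.S_IXGRP, "other": stat.S_IXOTH}
    return bool(entry.mode & bit[access_class(entry, user, groups)])

# The two lines from Comment 3.
SHIPPED = "d /var/run/clamd.scan 0710 clamscan clamscan"
PROPOSED = "d /var/run/clamd.scan 0755 clamscan clamscan"

# Constructed sample accounts (hypothetical): user -> group memberships.
CLIENTS = {
    "clamscan": {"clamscan"},                  # the daemon's own account
    "mailfilter": {"mailfilter", "clamscan"},  # client added to the group
    "localuser": {"localuser"},                # unrelated local account
}

def report(line: str) -> dict:
    """Map each sample account to whether it can reach into the directory."""
    entry = parse_tmpfiles_dir(line)
    return {u: can_traverse(entry, u, g) for u, g in CLIENTS.items()}

if __name__ == "__main__":
    for label, line in (("shipped", SHIPPED), ("proposed", PROPOSED)):
        print(label, oct(parse_tmpfiles_dir(line).mode), report(line))
```

With 0710, an account in the clamscan group can already traverse the directory, while 0755 opens traversal to every local account and leaves access control to the mode of the socket itself.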
Comment 4 dan 2015-11-27 09:04:51 EST
Updated title to reflect current outstanding issue.
Comment 5 Fedora End Of Life 2016-07-19 15:59:32 EDT
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.
