Bug 1284253 - permissions on /var/run/clamd.scan directory should be 755 not 710
Status: NEW
Product: Fedora
Classification: Fedora
Component: clamav
Version: rawhide
Hardware: x86_64 Linux
Priority: unspecified
Severity: medium
Assigned To: Sergio Monteiro Basto
Fedora Extras Quality Assurance
Keywords: Reopened
Reported: 2015-11-22 07:26 EST by dan
Modified: 2018-02-02 15:21 EST
Doc Type: Bug Fix
Last Closed: 2016-07-19 15:59:32 EDT
Type: Bug
Description dan 2015-11-22 07:26:42 EST
Description of problem:  Freshclam does not provide a systemctl service file.  Additionally, the distributed clamd@.service and clamd@scan.service file structure does not seem to make sense.  And there is a permission issue with the directory containing the socket file which causes failures.

To work around this, create a /usr/lib/systemd/system/clam-freshclam.service file:

[Unit]
Description = freshclam scanner
After = network.target

[Service]
Type = forking
ExecStart = /usr/bin/freshclam -d -c 4
Restart = on-failure
PrivateTmp = true

[Install]
WantedBy=multi-user.target

There are two distributed clamd@*.service files, clamd@.service and clamd@scan.service.  clamd@.service is not a valid unit name.

clamd@scan.service seems to simply include clamd@.service and add an [Install] section.

On my system I enable and start clamd@scan.service.

Lastly, there is a directory permissions issue if the clamd socket file is created at /var/run/clamd.scan/clamd.sock as specified by /etc/clamd.d/scan.conf.  When /var/run/clamd.scan is created it is not world readable and executable by default.  This causes permission related issues until a chmod 755 /var/run/clamd.scan is run.

Please let me know if I can supply additional data.
Comment 1 Robert Scheck 2015-11-22 15:51:32 EST
Is the cronjob shipped by default not good enough? And if so, why?
Comment 2 dan 2015-11-22 17:36:50 EST
@Robert...for some reason my database was not updating and I overlooked the cronjob.  I will disable the freshclam systemd process, verify the cronjob and withdraw that part of this report for the time being.

Any thoughts on the structure of the clamd@scan and clamd@ service files and including setting the directory permission for the socket in the systemd file?
Comment 3 dan 2015-11-23 08:45:41 EST
Suggested resolution for the permissions on /var/run/clamd.scan.

/etc/tmpfiles.d/clamd.scan.conf currently contains:

d /var/run/clamd.scan 0710 clamscan clamscan

This should be changed to:

d /var/run/clamd.scan 0755 clamscan clamscan
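
Added example (not part of the bug report or of the clamav package): a small Python model of what the two tmpfiles.d lines in Comment 3 grant to different local accounts. The account names `mailfilter` and `alice` and all function names are hypothetical; a client connecting to the socket needs search (x) permission on the directory in addition to write permission on the socket itself.

```python
# Added example: model of the directory access granted by a tmpfiles.d "d" line.
from collections import namedtuple

Entry = namedtuple("Entry", "type path mode user group")

def parse_tmpfiles_line(line):
    """Parse 'type path mode user group [age [argument]]' (octal mode only)."""
    fields = line.split()
    if len(fields) < 5 or fields[0].startswith("#"):
        raise ValueError("not a full tmpfiles.d entry: %r" % line)
    return Entry(fields[0], fields[1], int(fields[2], 8), fields[3], fields[4])

def dir_access(entry, user, groups=()):
    """Return (can_list, can_traverse) for a process running as `user`.

    The kernel checks exactly one permission class: owner if the user owns
    the directory, else group if any of its groups matches, else other.
    """
    if user == "root":  # root (CAP_DAC_OVERRIDE) bypasses the mode bits
        return True, True
    if user == entry.user:
        bits = (entry.mode >> 6) & 7
    elif entry.group in groups:
        bits = (entry.mode >> 3) & 7
    else:
        bits = entry.mode & 7
    return bool(bits & 4), bool(bits & 1)

def report(line, principals):
    """Map each principal name to its (can_list, can_traverse) pair."""
    entry = parse_tmpfiles_line(line)
    return {name: dir_access(entry, name, groups) for name, groups in principals}

# Constructed principals: the daemon account, a hypothetical client account
# that was added to the clamscan group, and an unrelated local user.
PRINCIPALS = [
    ("clamscan", ("clamscan",)),
    ("mailfilter", ("mailfilter", "clamscan")),
    ("alice", ("alice",)),
]

if __name__ == "__main__":
    for line in ("d /var/run/clamd.scan 0710 clamscan clamscan",
                 "d /var/run/clamd.scan 0755 clamscan clamscan"):
        print(line)
        for name, (can_list, can_traverse) in report(line, PRINCIPALS).items():
            print("  %-10s list=%-5s traverse=%s" % (name, can_list, can_traverse))
```

With 0710 only the owner and members of the clamscan group can reach the socket path; with 0755 every local account can traverse the directory, which leaves the mode of the socket file as the remaining access control.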
Comment 4 dan 2015-11-27 09:04:51 EST
Updated title to reflect current outstanding issue.
Comment 5 Fedora End Of Life 2016-07-19 15:59:32 EDT
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.
Comment 6 Sergio Monteiro Basto 2017-12-24 10:59:30 EST
to review
