Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: ClamAV: users

Issue starting clamd

 

 

ClamAV users RSS feed   Index | Next | Previous | View Threaded


jcasale at ActiveNetwerx

Jan 1, 2008, 1:39 PM

Post #1 of 7 (876 views)
Permalink
Issue starting clamd

I did a yum install from rpmforge of the 0.92 release under CentOS 5.1 and created the users using the pdf document as guide. If I issue #service clamd start it errors out with "ERROR: Unable to open file or directory". I have searched the mailing list archives and it seems this is a common configuration error. I do believe my perms are right? If I start clamd by #sudo -u clamav clamd, it starts and functions correctly?

Reading the docs, root needs to start clamd for the service to drop to a non privileged user, so why can't root start clamd in my config? If user clamav can start it, it surely mustn't be a perms issue?

Sorry if I have missed something obvious, I am new Linux in general.

Thanks for any direction,
jlc
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html


ged at jubileegroup

Jan 2, 2008, 3:26 AM

Post #2 of 7 (832 views)
Permalink
Re: Issue starting clamd [In reply to]

Hi there,

On Wed, 2 Jan 2008 Joseph L. Casale wrote:

> I did a yum install from rpmforge of the 0.92 release under CentOS
> 5.1 and created the users using the pdf document as guide. If I
> issue #service clamd start it errors out with "ERROR: Unable to open
> file or directory". I have searched the mailing list archives and it
> seems this is a common configuration error. I do believe my perms
> are right? If I start clamd by #sudo -u clamav clamd, it starts and
> functions correctly?
>
> Reading the docs, root needs to start clamd for the service to drop
> to a non privileged user, so why can't root start clamd in my
> config?

Root can do anything. :)

> If user clamav can start it, it surely mustn't be a perms issue?

No, it does sound like a permissions problem. Presumably when root
runs 'service clamd start' the configuration that it's using tells
root to give clamd the permissions of some user other than clamav,
or it actually needs some other permissions than those of clamav.

I'm not familiar with CentOS, but I gather it's based on RedHat so you
might find what you're looking for in /etc/rc.d or /etc/sysconfig or
somewhere like that.

Alternatively you could just run clamd (and freshclam?) in rc.local and
remove the service, but I don't know if that's good advice or not. :)

--

73,
Ged.
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html


t.schmidt at phoenixsoftware

Jan 2, 2008, 3:40 AM

Post #3 of 7 (832 views)
Permalink
Re: Issue starting clamd [In reply to]

G.W. Haywood schrieb:
>
> On Wed, 2 Jan 2008 Joseph L. Casale wrote:
>
>> Reading the docs, root needs to start clamd for the service to drop
>> to a non privileged user, so why can't root start clamd in my
>> config?
>
> Root can do anything. :)

Not on CentOS it can't. CentOS has SELinux enabled by default.

HTH
T.

--
Tilman Schmidt
Abteilungsleiter Technik
------------------------------------------------------------------------
Phoenix Software GmbH Tel. +49 228 97199 0
Geschäftsführer: W. Grießl Fax +49 228 97199 99
Adolf-Hombitzer-Str. 12 www.phoenixsoftware.de
53227 Bonn, Germany Amtsgericht Bonn HRB 2934
------------------------------------------------------------------------
Attachments: signature.asc (0.24 KB)


jcasale at ActiveNetwerx

Jan 2, 2008, 5:23 AM

Post #4 of 7 (833 views)
Permalink
Re: Issue starting clamd [In reply to]

>Not on CentOS it can't. CentOS has SELinux enabled by default.
>
>HTH
>T.

Yup, that was the ticket. Looking on rpmforge's mailing list there was an issue raised about the package not setting up selinux correctly, and had a fix that involved integration with amavisd. I don't have amavisd, so I didn't follow it, I disabled selinux until I figure out what to do :(

Thanks,
jlc

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html


subscribed-lists at sterndata

Jan 2, 2008, 5:37 AM

Post #5 of 7 (831 views)
Permalink
Re: Issue starting clamd [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/02/2008 07:23 AM, Joseph L. Casale wrote:
>> Not on CentOS it can't. CentOS has SELinux enabled by default.
>>
>> HTH
>> T.
>
> Yup, that was the ticket. Looking on rpmforge's mailing list there was an issue raised about the package not setting up selinux correctly, and had a fix that involved integration with amavisd. I don't have amavisd, so I didn't follow it, I disabled selinux until I figure out what to do :(
>
> Thanks,
> jlc
>


As root

audit2allow -M mypol -i /var/log/audit/audit.log
semodule -i mypol.pp

This will go through your audit log and enable everything blocked by
SELINUX. (It's a good idea to make sure that you want everything
blocked so far permitted.)

- --

Steve
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFHe5O2eERILVgMyvARAqFCAJ9ykBxQP7f1kzWZXOStwMUfTNsBagCcCY30
apYvqTDOWYDRMt8YskEXrQ8=
=AgNL
-----END PGP SIGNATURE-----
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html


jcasale at ActiveNetwerx

Jan 2, 2008, 6:30 PM

Post #6 of 7 (834 views)
Permalink
Re: Issue starting clamd [In reply to]

>As root
>
> audit2allow -M mypol -i /var/log/audit/audit.log
> semodule -i mypol.pp
>
>This will go through your audit log and enable everything blocked by
>SELINUX. (It's a good idea to make sure that you want everything
>blocked so far permitted.)
>
>- --
>
> Steve

Thanks Steve,
I'll try this on the weekend!

jlc
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html


jcasale at ActiveNetwerx

Jan 4, 2008, 8:49 PM

Post #7 of 7 (829 views)
Permalink
Re: Issue starting clamd [In reply to]

>As root
>
> audit2allow -M mypol -i /var/log/audit/audit.log
> semodule -i mypol.pp
>
>This will go through your audit log and enable everything blocked by
>SELINUX. (It's a good idea to make sure that you want everything
>blocked so far permitted.)
>
>- --
>
> Steve


Steve,
This opened up a can of never ending newer selinux messages that didn't stop after like 6 updates :)

I was trying to follow the mods suggested in rpmforge list a few months ago but I had troubles compiling and installing the selinux module.

Thanks,
jlc
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

ClamAV users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.