[Mimedefang] MD and ClamD
Les Mikesell
les at futuresource.com
Wed Dec 4 09:14:01 EST 2002
>From: "Kristof Petr" <Kristof.P at fce.vutbr.cz>
> > I think you should simply run clamav as the defang user, and leave the
> > permissions as-is.
> >
>
> There is not mimedefang-only world. The another applications
> needs use clamd.
>
> Running all programs (or system daemons) under same user ID
> will back us to DOS era.
It is the same issue you face with any daemon program: you want
to give it the minimal permissions that allow it to accomplish its
task. In this case, MimeDefang needs to be able to write to
its socket and clamd needs to be able read the files written by
MimeDefang. Running as the same user is the easy way to
allow this without allowing much additional damage from
problems in either program. If your clamd needs to do unrelated
work, you have to decide if you want to run another instance
under a similar restricted user id or set up a group that allows
both, or if you have to run it as root to access all the needed files.
--
Les Mikesell
les at futuresource.com
More information about the MIMEDefang
mailing list