[Mimedefang] Permissions on /varspool/MIMEDefang
Nels Lindquist
nlindq at maei.ca
Fri Feb 12 12:04:01 EST 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 2/11/2016 3:54 AM, Bill Maidment wrote:
>
> -----Original message-----
>> From:Richard Laager <rlaager at wiktel.com> Sent: Thursday 11th
>> February 2016 18:22 To: mimedefang at lists.roaringpenguin.com
>> Subject: Re: [Mimedefang] Permissions on /varspool/MIMEDefang
>>
>> On 02/10/2016 11:01 PM, Bill Maidment wrote:
>>> Hi After your most recent release I have had problems with the
>>> permissions on /var/spool/MIMEDefang being reset to 0750 after
>>> a reboot. I need the permission to be 0770 to allow for clamd
>>> scanner to use the directory. I eventually discovered this line
>>> in /usr/lib/tmpfiles.d/mimedefang.conf z
>>> /var/spool/MD-Quarantine 0750 defang defang - -
>>
>> `grep -r tmpfiles.d mimedefang-2.78` returns nothing for me. Are
>> you sure this isn't coming from your distro's package of
>> MIMEDefang?
>>
>
> It may be coming from EPEL (the packager), but the file is
> mimedefang.conf not mimedefang-2.78
>
>> Also, /var/spool/MIMEDefang and /var/spool/MD-Quarantine aren't
>> the same thing.
>>
>
> I meant /var/spool/MIMEDefang
>
>> And in any event, why would clamd need to write to
>> /var/spool/MIMEDefang?
>>
>
> It's where clamd at scan wants to store the clamd.sock when
> communicating with mimedefang.
In /etc/sysconfig/mimedefang, what's the current setting for
MD_ALLOW_GROUP_ACCESS?
If group access is currently not allowed, then working files created
by MIMEDefang will not be created group readable irrespective of spool
directory permissions.
I recommend configuring MIMEDefang to use the default ClamAV socket
file location, adding the clam user (clam or clamav usually) to the
"defang" group and enabling AllowSupplementaryGroups in clamd.conf;
that way MIMEDefang and ClamAV can easily be independently updated
without clobbering each other.
- ----
Nels Lindquist
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (MingW32)
iEYEARECAAYFAla+EH8ACgkQh6z5POoOLgRWEgCgyrJuALyLd+Z4GD9wSF8ZlX4H
omsAn0rrvWueC5gdXAkvLjLfDnxirCQ3
=PYWS
-----END PGP SIGNATURE-----
More information about the MIMEDefang
mailing list