ID #1136

clamav a qmail-scanner

Bezny postup - spustit clamav pod uzivatelem qscand = neprakticke, pri aktualizacich se uzivatel prepise zpet...

Podle textu:
http://qmail.jms1.net/clamav-qms.shtml

Uprava qmail-scanner-queue.pl tak, aby fungoval s uzivatelem clamav/spamd:
1) pridat uzivatele do skupiny qscand 
# usermod -G qscand clamav
# usermod -G qscand spamd

2) upravy v qmail-scanner-queue.pl (zakomentovany puvodni radek)
a) 
if ( $opt_v ) {
   &show_version; 
   exit 0; 
}

chdir($scandir); 
#umask(0077); 
umask(0027);

if (! -d "$scandir/tmp") { 
#   mkdir("$scandir/tmp",0700) || &error_condition("cannot create $scandir/tmp - $!");      
   mkdir("$scandir/tmp",0750) || &error_condition("cannot create $scandir/tmp - $!"); 
}
b) 
&debug("setting UID to EUID so subprocesses can access files generated by this script"); 
$< = $>; # set real to effective uid 
#$( = $); # set real to effective gid 
$( = $); # set real to effective gid
c) 
&debug("w_c: mkdir $ENV{'TMPDIR'}"); 
#mkdir("$ENV{'TMPDIR'}",0700)||&error_condition("$ENV{'TMPDIR'} exists - try again later...");  
mkdir("$ENV{'TMPDIR'}",0750)||&error_condition("$ENV{'TMPDIR'} exists - try again later...");  
chdir("$ENV{'TMPDIR'}")||&error_condition("cannot chdir to $ENV{'TMPDIR'}/");

3) nastavit prava pro script 
# cd /var/qmail/bin
# chmod 6755 qmail-scanner-queue.pl  (if you have setuid perl)
# chmod 6755 qmail-scanner-queue  (if you DON'T have setuid perl)

4) zkontrolovat prava souboru + adresaru ve /var/spool/qmailscan
bylo treba nastavit vlastnika + prava pro adresar tmp, atd... 
# chown qscand:qscand /var/spool/qmailscan/tmp
# chmod 770 /var/spool/qmailscan/tmp

Značky: -

Související záznamy:

Můžete přidat komentář k odpovědi