clamdscan permission issues
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Fix Released
|
Low
|
Ruslan Kabalin |
Bug Description
Sometimes clamdscan is used as virus check application, which is faster than clamscan as the file is being passed over for scanning to clam daemon. However it requires specific permission settings, namely clamd user that runs daemon should be able to access the file. Changing the file mode to make it readable to others, which is currently in use, is not sufficient in some cases, e.g. when data directory is accessible solely to www-data user. Clamd user will only be able to access the file, if each directory it traverses has exec permission for the matching group (likely 'others' in this case) and able to read the destination file.
To make clamdscan work, I suggest to use --fdpass parameter that passes the file descriptor permissions to clamd, which allows to scan given file irrespective of directory and file permissions (assuming the www-data user who initiates the scan has access to it, which is always the case).
Changed in mahara: | |
status: | New → In Progress |
assignee: | nobody → Ruslan Kabalin (rkabalin) |
Changed in mahara: | |
milestone: | 1.8rc1 → 1.8.0 |
Changed in mahara: | |
status: | Fix Committed → Fix Released |
https:/ /reviews. mahara. org/#/c/ 2063/