
Re: issue with volatile clamav and/or freshclam



This one time, at band camp, Jeff Dairiki said:
> On Sat, Jun 21, 2008 at 03:50:36PM +0300, Jari Jokinen wrote:
> >
> > I fixed the issue by changing this line in the init script:
> > 
> >   su "$User" -p -s /bin/sh -c ". /lib/lsb/init-functions && \
> >   start_daemon -p $THEPIDFILE $DAEMON"
> > 
> > to:
> > 
> >   . /lib/lsb/init-functions && start_daemon -p "$THEPIDFILE" "$DAEMON"
> 
> The su was giving me grief as well, though for a different reason.
> 
> It seems that su fails if there is no controlling terminal.   This
> was making it impossible to successfully run, e.g.,
> 'invoke-rc.d clamav-daemon restart' from a cron script.

su fails without a controlling terminal?  That's the first I've heard of
this, and I see it in other maintainer scripts run from cron, so I'm not
sure that's accurate.  If you have a repeatable test case, can you file
a bug with steps to reproduce?

> (To fix this I changed the 'su "$User" ...' line to just
> 
>    start_daemon -p "$THEPIDFILE" "$DAEMON"
> 
> Init-functions is sourced near the top of the init script, so doesn't
> need to be sourced again.)
> 
> > So, my question is: why the su command is there and is it essential?
> 
> I am interested in the answer to this question as well.   It appears that
> clamd changes its uid all by itself, even when run (as root) without su.
> Is there some reason that the su is necessary?

It does, but they've changed the order of startup events several times
during development, and at some points it would do things like create
its socket, pidfile or logfile, or read databases in before dropping
privileges.  I think most of the ordering issues are worked out now,
but given the security record, I'd prefer to have clamd do nothing as
root if at all possible.
-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran@debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------
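
A check that follows from the concern above, added here as an example and not part of the original message or the Debian packaging: it reports runtime files whose owner is not the expected unprivileged uid, which is what a pidfile, socket or logfile created before the privilege drop looks like. The function names and the `MISMATCH`/`MISSING` output format are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the init script discussed in this thread).
# Flags daemon runtime files that are not owned by the account the daemon
# is supposed to run as, e.g. files created while it was still root.
#
# Typical call from a root shell, using the init script's own variables and
# placeholder paths for the socket and logfile:
#   audit_owner "$(id -u "$User")" "$THEPIDFILE" /path/to/socket /path/to/logfile

# owner_uid PATH: print the numeric owner uid of PATH.
# Parses `ls -ldn` so it works with both GNU and BSD userlands.
owner_uid() {
    ls -ldn -- "$1" 2>/dev/null | awk '{print $3}'
}

# audit_owner EXPECTED_UID PATH...
# Prints one line per finding. Returns 1 if any existing path has a
# different owner, 0 otherwise. Missing paths are reported but not fatal,
# since the daemon may simply not be running.
audit_owner() {
    expected=$1
    shift
    rc=0
    for p in "$@"; do
        if [ ! -e "$p" ] && [ ! -L "$p" ]; then
            echo "MISSING $p"
            continue
        fi
        uid=$(owner_uid "$p")
        if [ "$uid" != "$expected" ]; then
            echo "MISMATCH $p uid=$uid expected=$expected"
            rc=1
        fi
    done
    return $rc
}
```

Run it after each package upgrade: a `MISMATCH` line with `uid=0` means the file was created before the daemon changed uid.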
