Re: issue with volatile clamav and/or freshclam
On Sun, Jun 22, 2008 at 12:05:33PM +0100, Stephen Gran wrote:
> This one time, at band camp, Jeff Dairiki said:
> >
> > Upon further investigation, they root of my problem was that the cron
> > job was already running as user 'clamav' when it tried to invoke
> > 'invoke-rc.d clamav-daemon restart'. Now, since we're not root, su
> > tried to ask for a password (even though we're trying to su to
> > ourself) --- that's when it failed with a "no controlling terminal"
> > message.
> > Would you be amenable to changing the init script so that it checks
> > the current user and does the su only if [ "$(whoami)" != "$User" ]?
> > (Or maybe only if [ "$UID" = "0" ].)
>
> Hmm, I am hoping to avoid adding complexity to the scripts, if I can
> help it - they are already fairly baroque in some places :) I'm
> assuming this invoke-rc.d call happens in a longer script that you don't
> want running as root?
You assume correctly. The script checks for and downloads various
updated virus databases, and SIGUSR2s clamd if any dbs have been
updated. Then it checks clamd's memory usage and restarts it if its
RSS has increased past a configured threshold. (Sometimes when clamd
reloads its database, its memory usage will aproximately double. This
is apparently associated with memory/heap fragmentation. See
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1028 .)
> If it's the only thing it does, it would be
> easier on me if you just changed it to run as root, but if it does a
> bunch of other things, of course that's harder.
The part of the cron job which downloads the updated virus dbs, obviously,
should not run as root. It's nice to check clamd's RSS from the same
script, since the big jumps in RSS are associated with database reloads.
I could split my cron script into two parts, one which runs as root, and
one which runs as clamav. In all honesty though, out of laziness, I'll
probably just continue to manually edit the su out of the clamav-daemon
init script.
Thanks!
Jeff Dairiki
Reply to: