inline and at tail ... On 7/2/2011 9:45 PM, Cameron Simpson wrote:
On 02Jul2011 20:40, Paul Allen Newell<pnewell@xxxxxxxxxx> wrote: [...] Am I mistaken in thinking that I | can run any *.sh file in ~root in rc.local and it will be run as root | (meaning no permission problems). That should be the case. (Of course, SELinux can break anything - if you run out of ideas you could turn it off to see if the behaviour changes.)
Will respond via Joe Zeff's email ...
| Line in /etc/rc.d/rc.local: | /root/virus-scan.sh> /dev/null 2>&1 Throwing away the output will not help your diagnosis. Try this: /root/virus-scan.sh>/root/rc-local-virus.out 2>/root/rc-local-virus.err and see what shows up.
See attachment for both *.out and *.err, plus the actual virus-scan.sh script and the rc.local file
| Summary of version in ~root/virus-scan.sh | #!/bin/sh | COMMON_DIRS="/home /tmp" # skipping all /bin /sbin et al for this test | /usr/bin/clamscan -ri $COMMON_DIRS --log="/var/log/clamscan.log" | | Contents of log show /home as "can't open" and certain files in /tmp as | "Permission denied" Weird. Try putting some stuff at the start of virus-scan.sh: set -x pwd id You can then verify that it is running as root and where. The -x will let you check the command line of clamscan is correct.
In *.out and *.err attachments
Thought: is clamscan setuid or something? If you get nowhere there, try stracing the clamscan run: strace -e trace=file /usr/bin/clamscan ...args..here... 2>/root/strace.out and you should get to see exactly what clamscan is doing, filewise. Cheers,
Not certain about this last bit .. are your suggesting that I put the strace command in the rc.local? As for the "setuid" comment, I need to plead ignorance and ask not only for a bit of education about what you are saying but a guide as to how to ascertain what you are questioning.
Thanks, Paul
#!/bin/sh ####################### # per linux forum for debuggin # set -x pwd id # Create the log file if needed # CLAM_LOG="/var/log/clamscan.log" if [ ! -f "$CLAM_LOG" ]; then touch "$CLAM_LOG" chmod 644 "$CLAM_LOG" chown clamav.clamav "$CLAM_LOG" fi # ######################## # Setup paths to be scanned, these are based on author's $PATH which Paul has # changed to reflect his system(s) # #COMMON_DIRS="/bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin /usr/kerberos/bin /usr/kerberos/sbin /usr/lib/qt* /home /tmp" #COMMON_DIRS="/bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin /home /tmp" COMMON_DIRS_1="/bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin" COMMON_DIRS_2="/home" COMMON_DIRS_3="/tmp" # ######################## # Start the scan and mail to root (change as needed) # #/usr/bin/clamscan -ri $COMMON_DIRS --log="$CLAM_LOG" | mail -s virus-scan.`date +%d%b%y_%k%M` root@localhost paul@localhost /usr/bin/clamscan -ri $COMMON_DIRS_1 --log="$CLAM_LOG" | mail -s virus-scan_1.`date +%d%b%y_%k%M` root@localhost paul@localhost /usr/bin/clamscan -v --debug -ri $COMMON_DIRS_2 --log="$CLAM_LOG" | mail -s virus-scan_2.`date +%d%b%y_%k%M` root@localhost paul@localhost /usr/bin/clamscan -v --debug -ri $COMMON_DIRS_3 --log="$CLAM_LOG" | mail -s virus-scan_3.`date +%d%b%y_%k%M` root@localhost paul@localhost #
#!/bin/sh # # This script will be executed *after* all the other init scripts. # You can put your own initialization stuff in here if you don't # want to do the full Sys V style init stuff. touch /var/lock/subsys/local freshclam -d -c 2 -l /var/log/clam-update.log #/root/virus-scan.sh > dev/null 2>&1 /root/virus-scan.sh >/root/rc-local-virus.out 2>/root/rc-local-virus.err
+ pwd + id + CLAM_LOG=/var/log/clamscan.log + '[' '!' -f /var/log/clamscan.log ']' + COMMON_DIRS_1='/bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin' + COMMON_DIRS_2=/home + COMMON_DIRS_3=/tmp + /usr/bin/clamscan -ri /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin --log=/var/log/clamscan.log ++ date +%d%b%y_%k%M + mail -s virus-scan_1.02Jul11_2202 root@localhost paul@localhost + /usr/bin/clamscan -v --debug -ri /home --log=/var/log/clamscan.log ++ date +%d%b%y_%k%M + mail -s virus-scan_2.02Jul11_2202 root@localhost paul@localhost + /usr/bin/clamscan -v --debug -ri /tmp --log=/var/log/clamscan.log ++ date +%d%b%y_%k%M + mail -s virus-scan_3.02Jul11_2202 root@localhost paul@localhost
/ uid=0(root) gid=0(root) groups=0(root) context=system_u:system_r:initrc_t:s0
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
