General Thankyou (still diagnosing fault)

Dave Filchak submit at zuka.net
Mon Jan 12 04:27:48 GMT 2009


Dave Filchak wrote:
> Julian
>
> Dave Filchak wrote:
>> Julian,
>>
>> Julian Field wrote:
>>>
>>>
>>> On 11/1/09 21:17, Dave Filchak wrote:
>>>> Jules,
>>>>
>>>> Julian Field wrote:
>>>>>
>>>>>
>>>>> On 11/1/09 20:16, Dave Filchak wrote:
>>>>>> Jules
>>>>>>
>>>>>> Julian Field wrote:
>>>>>>>
>>>>>>>
>>>>>>> On 11/1/09 19:03, Dave Filchak wrote:
>>>>>>>> Kai,
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Dave Filchak wrote:
>>>>>>>>> Kai,
>>>>>>>>>
>>>>>>>>> Kai Schaetzl wrote:
>>>>>>>>>> Dave Filchak wrote on Fri, 09 Jan 2009 14:06:02 -0500:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>> So I checked the permissions there and the Locks directory 
>>>>>>>>>>> is owned by postfix.root and the locks inside are all owned 
>>>>>>>>>>> by root.root.
>>>>>>>>>>
>>>>>>>>>> That is *all* wrong. Reread the tutorials for MS+postfix and 
>>>>>>>>>> for MS+clamd (you are using clamd, right).
>>>>>>>>>>
>>>>>>>>>> /var/spool/MailScanner/incoming/Locks l
>>>>>>>>>> total 16
>>>>>>>>>> drwxr-x--- 2 root    postfix 4096 Jan  9 23:03 .
>>>>>>>>>> drwxr-xr-x 5 postfix clamav  4096 Jan  9 23:04 ..
>>>>>>>>>> -rw------- 1 postfix postfix    0 Dec 11 17:31 antivirBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix    0 Dec 11 17:31 avastBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix    0 Dec 11 17:31 avgBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix    0 Dec 11 17:31 
>>>>>>>>>> bitdefenderBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix  100 Jan  9 23:05 clamavBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix    0 Dec 11 17:31 cssBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix    0 Dec 11 17:31 esetsBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix    0 Dec 11 17:31 etrustBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix    0 Dec 11 17:31 f-prot-6Busy.lock
>>>>>>>>>> -rw------- 1 postfix postfix    0 Dec 11 17:31 f-protBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix    0 Dec 11 17:31 f-secureBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix    0 Dec 11 17:31 genericBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix    0 Dec 11 17:31 inoculanBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix    0 Dec 11 17:31 
>>>>>>>>>> kasperskyBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix    0 Dec 11 17:31 mcafeeBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix    0 Jan  7 16:51 
>>>>>>>>>> MS.bayes.rebuild.lock
>>>>>>>>>> -rw------- 1 postfix postfix    0 Jan  9 23:03 
>>>>>>>>>> MS.bayes.starting.lock
>>>>>>>>>> -rw------- 1 postfix postfix    0 Dec 11 17:31 nod32Busy.lock
>>>>>>>>>> -rw------- 1 postfix postfix    0 Dec 11 17:31 normanBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix    0 Dec 11 17:31 pandaBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix    0 Dec 11 17:31 ravBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix    0 Dec 11 17:31 sophosBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix    0 Dec 11 17:31 
>>>>>>>>>> symscanengineBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix    0 Dec 11 17:31 trendBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix    0 Dec 11 17:31 vba32Busy.lock
>>>>>>>>>> -rw------- 1 postfix postfix    0 Dec 11 17:31 vexiraBusy.lock
>>>>>>>>>>
>>>>>>>>>> Kai
>>>>>>>>>>
>>>>>>>>> Well I will definitely reread these. I never specifically set 
>>>>>>>>> these permissions anywhere. One would thing that these would 
>>>>>>>>> be created by the settings in MailScanner.conf .. wouldn't 
>>>>>>>>> you? There is no specific alternate user settings in 
>>>>>>>>> spamassassin so  .... something is setting these permissions 
>>>>>>>>> this way.
>>>>>>>>>
>>>>>>>> I have gone through the tutorials a few times and I seem to 
>>>>>>>> have everything set up correctly yet .... something keeps 
>>>>>>>> reseting the permissions in the Locks directory back to the 
>>>>>>>> following:
>>>>>>> It will be being clobbered by the update_virus_scanners cron job 
>>>>>>> which is run once per hour. Please can you mail me an exact copy 
>>>>>>> (preferably gzipped) of your MailScanner.conf file. Have you 
>>>>>>> moved that file from its default location or anything like that? 
>>>>>>> It should pull out the "Run As User" and "Run As Group" from 
>>>>>>> MailScanner.conf and use those values to set the ownership of 
>>>>>>> the lock files. Clearly something is going wrong there.
>>>>>>>
>>>>>>> Copy and paste the following commands into a shell running as 
>>>>>>> root. Beware of extra line-breaks that my mail program or your 
>>>>>>> mail program may add into the following, hopefully they'll be okay.
>>>>>>>
>>>>>>> LOCKDIR=`perl -n -e 'print "$_" if chomp && 
>>>>>>> s/^\s*Lock\s*file\s*Dir\s*=\s*(\S+)/$1/i' 
>>>>>>> /etc/MailScanner/MailScanner.conf`
>>>>>>> RUNASU=`perl -n -e 'print "$_" if chomp && 
>>>>>>> s/^\s*Run\s*As\s*User\s*=\s*(\S+)/$1/i' 
>>>>>>> /etc/MailScanner/MailScanner.conf`
>>>>>>> RUNASG=`perl -n -e 'print "$_" if chomp && 
>>>>>>> s/^\s*Run\s*As\s*Group\s*=\s*(\S+)/$1/i' 
>>>>>>> /etc/MailScanner/MailScanner.conf`
>>>>>>> echo $LOCKDIR
>>>>>>> echo $RUNASU
>>>>>>> echo $RUNASG
>>>>>>> /usr/sbin/mailscanner_create_locks "$LOCKDIR" "$RUNASU" "$RUNASG"
>>>>>>>
>>>>>>> Then show me what you get from
>>>>>>>     ls -al $LOCKDIR
>>>>>>> assuming that the "echo $LOCKDIR" command printed out the 
>>>>>>> directory where your lock files are stored (i.e. normally 
>>>>>>> /var/spool/MailScanner/incoming/Locks).
>>>>>>
>>>>>> I have emailed you my conf file. 
>>> That looks fine.
>>>>>> Here is the output from your scripts:
>>>>>>
>>>>>> [root at rosewood MailScanner]# LOCKDIR=`perl -n -e 'print "$_" if 
>>>>>> chomp && s/^\s*Lock\s*file\s*Dir\s*=\s*(\S+)/$1/i' 
>>>>>> /etc/MailScanner/MailScanner.conf`
>>>>>> [root at rosewood MailScanner]# RUNASU=`perl -n -e 'print "$_" if 
>>>>>> chomp && s/^\s*Run\s*As\s*User\s*=\s*(\S+)/$1/i' 
>>>>>> /etc/MailScanner/MailScanner.conf`
>>>>>> [root at rosewood MailScanner]# RUNASG=`perl -n -e 'print "$_" if 
>>>>>> chomp && s/^\s*Run\s*As\s*Group\s*=\s*(\S+)/$1/i' 
>>>>>> /etc/MailScanner/MailScanner.conf`
>>>>>> [root at rosewood MailScanner]# echo $LOCKDIR
>>>>>> /var/spool/MailScanner/incoming/Locks
>>>>>> [root at rosewood MailScanner]# echo $RUNASU
>>>>>> postfix
>>>>>> [root at rosewood MailScanner]# echo $RUNASG
>>>>>> postfix
>>>>> That all looks good. As root,
>>>>>     rm -rf /var/spool/MailScanner/incoming/Locks
>>>>> and then
>>>>>     /usr/sbin/update_virus_scanners
>>>>> and then show me an
>>>>>     ls -al /var/spool/MailScanner/incoming/Locks
>>>>>
>>>>> The files in there should be owned by postfix. Let's see if that's 
>>>>> true.
>>>>>
>>>> OK .. deleted the Locks directory, ran update_virus_scanners and got:
>>>>
>>>> ls -al /var/spool/MailScanner/incoming/Locks/
>>>> total 8
>>>> drwxr-x---  2 root    root   4096 Jan 11 16:13 .
>>>> drwxrwx---  7 postfix clamav 4096 Jan 11 16:14 ..
>>>> -rw-------  1 root    root      0 Jan 11 16:13 antivirBusy.lock
>>>> -rw-------  1 root    root      0 Jan 11 16:13 avastBusy.lock
>>>> -rw-------  1 root    root      0 Jan 11 16:13 avgBusy.lock
>>>> -rw-------  1 root    root      0 Jan 11 16:13 bitdefenderBusy.lock
>>>> -rw-------  1 root    root      0 Jan 11 16:13 clamavBusy.lock
>>>> -rw-------  1 root    root      0 Jan 11 16:13 cssBusy.lock
>>>> -rw-------  1 root    root      0 Jan 11 16:13 esetsBusy.lock
>>>> -rw-------  1 root    root      0 Jan 11 16:13 etrustBusy.lock
>>>> -rw-------  1 root    root      0 Jan 11 16:13 f-prot-6Busy.lock
>>>> -rw-------  1 root    root      0 Jan 11 16:13 f-protBusy.lock
>>>> -rw-------  1 root    root      0 Jan 11 16:13 f-secureBusy.lock
>>>> -rw-------  1 root    root      0 Jan 11 16:13 genericBusy.lock
>>>> -rw-------  1 root    root      0 Jan 11 16:13 inoculanBusy.lock
>>>> -rw-------  1 root    root      0 Jan 11 16:13 kasperskyBusy.lock
>>>> -rw-------  1 root    root      0 Jan 11 16:13 mcafeeBusy.lock
>>>> -rw-------  1 root    root      0 Jan 11 16:13 MS.bayes.rebuild.lock
>>>> -rw-------  1 root    root      0 Jan 11 16:13 MS.bayes.starting.lock
>>>> -rw-------  1 root    root      0 Jan 11 16:13 nod32Busy.lock
>>>> -rw-------  1 root    root      0 Jan 11 16:13 normanBusy.lock
>>>> -rw-------  1 root    root      0 Jan 11 16:13 pandaBusy.lock
>>>> -rw-------  1 root    root      0 Jan 11 16:13 ravBusy.lock
>>>> -rw-------  1 root    root      0 Jan 11 16:13 sophosBusy.lock
>>>> -rw-------  1 root    root      0 Jan 11 16:13 symscanengineBusy.lock
>>>> -rw-------  1 root    root      0 Jan 11 16:13 trendBusy.lock
>>>> -rw-------  1 root    root      0 Jan 11 16:13 vba32Busy.lock
>>>> -rw-------  1 root    root      0 Jan 11 16:13 vexiraBusy.lock
>>>>
>>>>
>>>> Still root.
>>> Hmmm...
>>>
>>> 1
>>> I want to be sure there are no weird options for the mount that 
>>> supplies this directory. Do this:
>>>     cd /var/spool/MailScanner/incoming
>>>     df -h .
>>>     mount
>>>     ls -ld Locks
>>> (all as root).
>>> Also, paste the contents of your /etc/fstab file into your reply to 
>>> this mail.
>>>
>>> 2
>>> Also, please can you make a little edit to your 
>>> /usr/sbin/mailscanner_create_locks script.
>>> Near the top you will see a line that says this:
>>> my $ldgid = getgrnam($ldgname);
>>> That's about line 17. Immediately after that line, add this line:
>>> print STDERR "lduid = $lduid, ldgid = $ldgid\n";
>>> and let's just check that it is getting the UID and GID correctly, 
>>> as failure to do that would cause your symptoms.
>>> Run
>>> /usr/sbin/mailscanner_create_locks 
>>> /var/spool/MailScanner/incoming/Locks postfix postfix
>>> (all of that on 1 line) and include the output in your reply,
>>> and do another
>>>     ls -al /var/spool/MailScanner/incoming/Locks
>>> to see if anything has improved.
>>>
>>> 3
>>> If that still isn't working, right at the end of the script there 
>>> are a couple of "chown" lines. Change the first one to read
>>> chown -1, $ldgid, $locksdirname or warn "Chown1: $!";
>>> and the second one to read
>>> chown $lduid, $ldgid, @locknames or warn "Chown2: $!";
>>> and then run the mailscanner_create_locks command I gave above. Let 
>>> me know if it prints anything, and what it says if it does.
>>>
>>> 4
>>> That lot should give me a better idea of what's going on.
>>
>> cd /var/spool/MailScanner/incoming/
>> [root at rosewood incoming]#  df -h .
>> Filesystem            Size  Used Avail Use% Mounted on
>> /dev/hdb1             111G   15G   91G  14% /var
>> [root at rosewood incoming]# mount
>> /dev/sda5 on / type ext3 (rw)
>> none on /proc type proc (rw)
>> none on /sys type sysfs (rw)
>> none on /dev/pts type devpts (rw,gid=5,mode=620)
>> usbfs on /proc/bus/usb type usbfs (rw)
>> /dev/sda1 on /boot type ext3 (rw)
>> none on /dev/shm type tmpfs (rw)
>> /dev/sda2 on /home type ext3 (rw)
>> /dev/sdb1 on /usr type ext3 (rw)
>> /dev/hdb1 on /var type ext3 (rw)
>> none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
>> sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
>> [root at rosewood incoming]# ls -ld Locks
>> drwxr-x---  2 root root 4096 Jan 11 16:13 Locks
>>
>> FSTAB:
>>
>> LABEL=/                 /                       ext3    
>> defaults        1 1
>> LABEL=/boot             /boot                   ext3    
>> defaults        1 2
>> none                    /dev/pts                devpts  
>> gid=5,mode=620  0 0
>> none                    /dev/shm                tmpfs   
>> defaults        0 0
>> LABEL=/home             /home                   ext3    
>> defaults        1 2
>> none                    /proc                   proc    
>> defaults        0 0
>> none                    /sys                    sysfs   
>> defaults        0 0
>> LABEL=/usr              /usr                    ext3    
>> defaults        1 2
>> LABEL=/var              /var                    ext3    
>> defaults        1 2
>> LABEL=SWAP-sda3         swap                    swap    
>> defaults        0 0
>> /dev/hda                /media/cdrecorder       auto    
>> pamconsole,exec,noauto,managed 0 0
>>
>> /usr/sbin/mailscanner_create_locks 
>> /var/spool/MailScanner/incoming/Locks postfix postfix
>> lduid = 80, ldgid = 80
>> [root at rosewood sbin]# ls -al /var/spool/MailScanner/incoming/Locks
>> total 8
>> drwxr-x---  2 root    postfix 4096 Jan 11 16:13 .
>> drwxrwx---  7 postfix clamav  4096 Jan 11 22:18 ..
>> -rw-------  1 postfix postfix    0 Jan 11 16:13 antivirBusy.lock
>> -rw-------  1 postfix postfix    0 Jan 11 16:13 avastBusy.lock
>> -rw-------  1 postfix postfix    0 Jan 11 16:13 avgBusy.lock
>> -rw-------  1 postfix postfix    0 Jan 11 16:13 bitdefenderBusy.lock
>> -rw-------  1 postfix postfix    0 Jan 11 16:13 clamavBusy.lock
>> -rw-------  1 postfix postfix    0 Jan 11 16:13 cssBusy.lock
>> -rw-------  1 postfix postfix    0 Jan 11 16:13 esetsBusy.lock
>> -rw-------  1 postfix postfix    0 Jan 11 16:13 etrustBusy.lock
>> -rw-------  1 postfix postfix    0 Jan 11 16:13 f-prot-6Busy.lock
>> -rw-------  1 postfix postfix    0 Jan 11 16:13 f-protBusy.lock
>> -rw-------  1 postfix postfix    0 Jan 11 16:13 f-secureBusy.lock
>> -rw-------  1 postfix postfix    0 Jan 11 16:13 genericBusy.lock
>> -rw-------  1 postfix postfix    0 Jan 11 16:13 inoculanBusy.lock
>> -rw-------  1 postfix postfix    0 Jan 11 16:13 kasperskyBusy.lock
>> -rw-------  1 postfix postfix    0 Jan 11 16:13 mcafeeBusy.lock
>> -rw-------  1 postfix postfix    0 Jan 11 16:13 MS.bayes.rebuild.lock
>> -rw-------  1 postfix postfix    0 Jan 11 16:13 MS.bayes.starting.lock
>> -rw-------  1 postfix postfix    0 Jan 11 16:13 nod32Busy.lock
>> -rw-------  1 postfix postfix    0 Jan 11 16:13 normanBusy.lock
>> -rw-------  1 postfix postfix    0 Jan 11 16:13 pandaBusy.lock
>> -rw-------  1 postfix postfix    0 Jan 11 16:13 ravBusy.lock
>> -rw-------  1 postfix postfix    0 Jan 11 16:13 sophosBusy.lock
>> -rw-------  1 postfix postfix    0 Jan 11 16:13 symscanengineBusy.lock
>> -rw-------  1 postfix postfix    0 Jan 11 16:13 trendBusy.lock
>> -rw-------  1 postfix postfix    0 Jan 11 16:13 vba32Busy.lock
>> -rw-------  1 postfix postfix    0 Jan 11 16:13 vexiraBusy.lock
>>
>> I did not do your last request as this shows the proper ownership. 
>> The questions is: will it hold?
>>
>> Let me know if you still want me to do that last bit.
>>
>> Sorry it took a while to get back to you. I had to run out for a bit.
>>
>> Dave
>>
> Just so you know ... it all went back to being owned by root when 
> update_virus_scanner ran from cron again. This is the email I received:
>
> /etc/cron.hourly/update_virus_scanners:
>
> lduid = , ldgid =
Given the above, I made the last little change you suggested and ran it 
again, like so:

/usr/sbin/mailscanner_create_locks /var/spool/MailScanner/incoming/Locks 
postfix postfix
lduid = 80, ldgid = 80

The second line is what it output. After that, all the permissions in 
the Locks directory went back to postfix. Again, will it hold?

Dave
>
>
<snip>


More information about the MailScanner mailing list