General Thankyou (still diagnosing fault)
Dave Filchak
submit at zuka.net
Mon Jan 12 04:27:48 GMT 2009
Dave Filchak wrote:
> Julian
>
> Dave Filchak wrote:
>> Julian,
>>
>> Julian Field wrote:
>>>
>>>
>>> On 11/1/09 21:17, Dave Filchak wrote:
>>>> Jules,
>>>>
>>>> Julian Field wrote:
>>>>>
>>>>>
>>>>> On 11/1/09 20:16, Dave Filchak wrote:
>>>>>> Jules
>>>>>>
>>>>>> Julian Field wrote:
>>>>>>>
>>>>>>>
>>>>>>> On 11/1/09 19:03, Dave Filchak wrote:
>>>>>>>> Kai,
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Dave Filchak wrote:
>>>>>>>>> Kai,
>>>>>>>>>
>>>>>>>>> Kai Schaetzl wrote:
>>>>>>>>>> Dave Filchak wrote on Fri, 09 Jan 2009 14:06:02 -0500:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>> So I checked the permissions there and the Locks directory
>>>>>>>>>>> is owned by postfix.root and the locks inside are all owned
>>>>>>>>>>> by root.root.
>>>>>>>>>>
>>>>>>>>>> That is *all* wrong. Reread the tutorials for MS+postfix and
>>>>>>>>>> for MS+clamd (you are using clamd, right).
>>>>>>>>>>
>>>>>>>>>> /var/spool/MailScanner/incoming/Locks l
>>>>>>>>>> total 16
>>>>>>>>>> drwxr-x--- 2 root postfix 4096 Jan 9 23:03 .
>>>>>>>>>> drwxr-xr-x 5 postfix clamav 4096 Jan 9 23:04 ..
>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 antivirBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 avastBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 avgBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31
>>>>>>>>>> bitdefenderBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix 100 Jan 9 23:05 clamavBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 cssBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 esetsBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 etrustBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 f-prot-6Busy.lock
>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 f-protBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 f-secureBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 genericBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 inoculanBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31
>>>>>>>>>> kasperskyBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 mcafeeBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix 0 Jan 7 16:51
>>>>>>>>>> MS.bayes.rebuild.lock
>>>>>>>>>> -rw------- 1 postfix postfix 0 Jan 9 23:03
>>>>>>>>>> MS.bayes.starting.lock
>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 nod32Busy.lock
>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 normanBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 pandaBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 ravBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 sophosBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31
>>>>>>>>>> symscanengineBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 trendBusy.lock
>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 vba32Busy.lock
>>>>>>>>>> -rw------- 1 postfix postfix 0 Dec 11 17:31 vexiraBusy.lock
>>>>>>>>>>
>>>>>>>>>> Kai
>>>>>>>>>>
>>>>>>>>> Well I will definitely reread these. I never specifically set
>>>>>>>>> these permissions anywhere. One would thing that these would
>>>>>>>>> be created by the settings in MailScanner.conf .. wouldn't
>>>>>>>>> you? There is no specific alternate user settings in
>>>>>>>>> spamassassin so .... something is setting these permissions
>>>>>>>>> this way.
>>>>>>>>>
>>>>>>>> I have gone through the tutorials a few times and I seem to
>>>>>>>> have everything set up correctly yet .... something keeps
>>>>>>>> reseting the permissions in the Locks directory back to the
>>>>>>>> following:
>>>>>>> It will be being clobbered by the update_virus_scanners cron job
>>>>>>> which is run once per hour. Please can you mail me an exact copy
>>>>>>> (preferably gzipped) of your MailScanner.conf file. Have you
>>>>>>> moved that file from its default location or anything like that?
>>>>>>> It should pull out the "Run As User" and "Run As Group" from
>>>>>>> MailScanner.conf and use those values to set the ownership of
>>>>>>> the lock files. Clearly something is going wrong there.
>>>>>>>
>>>>>>> Copy and paste the following commands into a shell running as
>>>>>>> root. Beware of extra line-breaks that my mail program or your
>>>>>>> mail program may add into the following, hopefully they'll be okay.
>>>>>>>
>>>>>>> LOCKDIR=`perl -n -e 'print "$_" if chomp &&
>>>>>>> s/^\s*Lock\s*file\s*Dir\s*=\s*(\S+)/$1/i'
>>>>>>> /etc/MailScanner/MailScanner.conf`
>>>>>>> RUNASU=`perl -n -e 'print "$_" if chomp &&
>>>>>>> s/^\s*Run\s*As\s*User\s*=\s*(\S+)/$1/i'
>>>>>>> /etc/MailScanner/MailScanner.conf`
>>>>>>> RUNASG=`perl -n -e 'print "$_" if chomp &&
>>>>>>> s/^\s*Run\s*As\s*Group\s*=\s*(\S+)/$1/i'
>>>>>>> /etc/MailScanner/MailScanner.conf`
>>>>>>> echo $LOCKDIR
>>>>>>> echo $RUNASU
>>>>>>> echo $RUNASG
>>>>>>> /usr/sbin/mailscanner_create_locks "$LOCKDIR" "$RUNASU" "$RUNASG"
>>>>>>>
>>>>>>> Then show me what you get from
>>>>>>> ls -al $LOCKDIR
>>>>>>> assuming that the "echo $LOCKDIR" command printed out the
>>>>>>> directory where your lock files are stored (i.e. normally
>>>>>>> /var/spool/MailScanner/incoming/Locks).
>>>>>>
>>>>>> I have emailed you my conf file.
>>> That looks fine.
>>>>>> Here is the output from your scripts:
>>>>>>
>>>>>> [root at rosewood MailScanner]# LOCKDIR=`perl -n -e 'print "$_" if
>>>>>> chomp && s/^\s*Lock\s*file\s*Dir\s*=\s*(\S+)/$1/i'
>>>>>> /etc/MailScanner/MailScanner.conf`
>>>>>> [root at rosewood MailScanner]# RUNASU=`perl -n -e 'print "$_" if
>>>>>> chomp && s/^\s*Run\s*As\s*User\s*=\s*(\S+)/$1/i'
>>>>>> /etc/MailScanner/MailScanner.conf`
>>>>>> [root at rosewood MailScanner]# RUNASG=`perl -n -e 'print "$_" if
>>>>>> chomp && s/^\s*Run\s*As\s*Group\s*=\s*(\S+)/$1/i'
>>>>>> /etc/MailScanner/MailScanner.conf`
>>>>>> [root at rosewood MailScanner]# echo $LOCKDIR
>>>>>> /var/spool/MailScanner/incoming/Locks
>>>>>> [root at rosewood MailScanner]# echo $RUNASU
>>>>>> postfix
>>>>>> [root at rosewood MailScanner]# echo $RUNASG
>>>>>> postfix
>>>>> That all looks good. As root,
>>>>> rm -rf /var/spool/MailScanner/incoming/Locks
>>>>> and then
>>>>> /usr/sbin/update_virus_scanners
>>>>> and then show me an
>>>>> ls -al /var/spool/MailScanner/incoming/Locks
>>>>>
>>>>> The files in there should be owned by postfix. Let's see if that's
>>>>> true.
>>>>>
>>>> OK .. deleted the Locks directory, ran update_virus_scanners and got:
>>>>
>>>> ls -al /var/spool/MailScanner/incoming/Locks/
>>>> total 8
>>>> drwxr-x--- 2 root root 4096 Jan 11 16:13 .
>>>> drwxrwx--- 7 postfix clamav 4096 Jan 11 16:14 ..
>>>> -rw------- 1 root root 0 Jan 11 16:13 antivirBusy.lock
>>>> -rw------- 1 root root 0 Jan 11 16:13 avastBusy.lock
>>>> -rw------- 1 root root 0 Jan 11 16:13 avgBusy.lock
>>>> -rw------- 1 root root 0 Jan 11 16:13 bitdefenderBusy.lock
>>>> -rw------- 1 root root 0 Jan 11 16:13 clamavBusy.lock
>>>> -rw------- 1 root root 0 Jan 11 16:13 cssBusy.lock
>>>> -rw------- 1 root root 0 Jan 11 16:13 esetsBusy.lock
>>>> -rw------- 1 root root 0 Jan 11 16:13 etrustBusy.lock
>>>> -rw------- 1 root root 0 Jan 11 16:13 f-prot-6Busy.lock
>>>> -rw------- 1 root root 0 Jan 11 16:13 f-protBusy.lock
>>>> -rw------- 1 root root 0 Jan 11 16:13 f-secureBusy.lock
>>>> -rw------- 1 root root 0 Jan 11 16:13 genericBusy.lock
>>>> -rw------- 1 root root 0 Jan 11 16:13 inoculanBusy.lock
>>>> -rw------- 1 root root 0 Jan 11 16:13 kasperskyBusy.lock
>>>> -rw------- 1 root root 0 Jan 11 16:13 mcafeeBusy.lock
>>>> -rw------- 1 root root 0 Jan 11 16:13 MS.bayes.rebuild.lock
>>>> -rw------- 1 root root 0 Jan 11 16:13 MS.bayes.starting.lock
>>>> -rw------- 1 root root 0 Jan 11 16:13 nod32Busy.lock
>>>> -rw------- 1 root root 0 Jan 11 16:13 normanBusy.lock
>>>> -rw------- 1 root root 0 Jan 11 16:13 pandaBusy.lock
>>>> -rw------- 1 root root 0 Jan 11 16:13 ravBusy.lock
>>>> -rw------- 1 root root 0 Jan 11 16:13 sophosBusy.lock
>>>> -rw------- 1 root root 0 Jan 11 16:13 symscanengineBusy.lock
>>>> -rw------- 1 root root 0 Jan 11 16:13 trendBusy.lock
>>>> -rw------- 1 root root 0 Jan 11 16:13 vba32Busy.lock
>>>> -rw------- 1 root root 0 Jan 11 16:13 vexiraBusy.lock
>>>>
>>>>
>>>> Still root.
>>> Hmmm...
>>>
>>> 1
>>> I want to be sure there are no weird options for the mount that
>>> supplies this directory. Do this:
>>> cd /var/spool/MailScanner/incoming
>>> df -h .
>>> mount
>>> ls -ld Locks
>>> (all as root).
>>> Also, paste the contents of your /etc/fstab file into your reply to
>>> this mail.
>>>
>>> 2
>>> Also, please can you make a little edit to your
>>> /usr/sbin/mailscanner_create_locks script.
>>> Near the top you will see a line that says this:
>>> my $ldgid = getgrnam($ldgname);
>>> That's about line 17. Immediately after that line, add this line:
>>> print STDERR "lduid = $lduid, ldgid = $ldgid\n";
>>> and let's just check that it is getting the UID and GID correctly,
>>> as failure to do that would cause your symptoms.
>>> Run
>>> /usr/sbin/mailscanner_create_locks
>>> /var/spool/MailScanner/incoming/Locks postfix postfix
>>> (all of that on 1 line) and include the output in your reply,
>>> and do another
>>> ls -al /var/spool/MailScanner/incoming/Locks
>>> to see if anything has improved.
>>>
>>> 3
>>> If that still isn't working, right at the end of the script there
>>> are a couple of "chown" lines. Change the first one to read
>>> chown -1, $ldgid, $locksdirname or warn "Chown1: $!";
>>> and the second one to read
>>> chown $lduid, $ldgid, @locknames or warn "Chown2: $!";
>>> and then run the mailscanner_create_locks command I gave above. Let
>>> me know if it prints anything, and what it says if it does.
>>>
>>> 4
>>> That lot should give me a better idea of what's going on.
>>
>> cd /var/spool/MailScanner/incoming/
>> [root at rosewood incoming]# df -h .
>> Filesystem Size Used Avail Use% Mounted on
>> /dev/hdb1 111G 15G 91G 14% /var
>> [root at rosewood incoming]# mount
>> /dev/sda5 on / type ext3 (rw)
>> none on /proc type proc (rw)
>> none on /sys type sysfs (rw)
>> none on /dev/pts type devpts (rw,gid=5,mode=620)
>> usbfs on /proc/bus/usb type usbfs (rw)
>> /dev/sda1 on /boot type ext3 (rw)
>> none on /dev/shm type tmpfs (rw)
>> /dev/sda2 on /home type ext3 (rw)
>> /dev/sdb1 on /usr type ext3 (rw)
>> /dev/hdb1 on /var type ext3 (rw)
>> none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
>> sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
>> [root at rosewood incoming]# ls -ld Locks
>> drwxr-x--- 2 root root 4096 Jan 11 16:13 Locks
>>
>> FSTAB:
>>
>> LABEL=/ / ext3
>> defaults 1 1
>> LABEL=/boot /boot ext3
>> defaults 1 2
>> none /dev/pts devpts
>> gid=5,mode=620 0 0
>> none /dev/shm tmpfs
>> defaults 0 0
>> LABEL=/home /home ext3
>> defaults 1 2
>> none /proc proc
>> defaults 0 0
>> none /sys sysfs
>> defaults 0 0
>> LABEL=/usr /usr ext3
>> defaults 1 2
>> LABEL=/var /var ext3
>> defaults 1 2
>> LABEL=SWAP-sda3 swap swap
>> defaults 0 0
>> /dev/hda /media/cdrecorder auto
>> pamconsole,exec,noauto,managed 0 0
>>
>> /usr/sbin/mailscanner_create_locks
>> /var/spool/MailScanner/incoming/Locks postfix postfix
>> lduid = 80, ldgid = 80
>> [root at rosewood sbin]# ls -al /var/spool/MailScanner/incoming/Locks
>> total 8
>> drwxr-x--- 2 root postfix 4096 Jan 11 16:13 .
>> drwxrwx--- 7 postfix clamav 4096 Jan 11 22:18 ..
>> -rw------- 1 postfix postfix 0 Jan 11 16:13 antivirBusy.lock
>> -rw------- 1 postfix postfix 0 Jan 11 16:13 avastBusy.lock
>> -rw------- 1 postfix postfix 0 Jan 11 16:13 avgBusy.lock
>> -rw------- 1 postfix postfix 0 Jan 11 16:13 bitdefenderBusy.lock
>> -rw------- 1 postfix postfix 0 Jan 11 16:13 clamavBusy.lock
>> -rw------- 1 postfix postfix 0 Jan 11 16:13 cssBusy.lock
>> -rw------- 1 postfix postfix 0 Jan 11 16:13 esetsBusy.lock
>> -rw------- 1 postfix postfix 0 Jan 11 16:13 etrustBusy.lock
>> -rw------- 1 postfix postfix 0 Jan 11 16:13 f-prot-6Busy.lock
>> -rw------- 1 postfix postfix 0 Jan 11 16:13 f-protBusy.lock
>> -rw------- 1 postfix postfix 0 Jan 11 16:13 f-secureBusy.lock
>> -rw------- 1 postfix postfix 0 Jan 11 16:13 genericBusy.lock
>> -rw------- 1 postfix postfix 0 Jan 11 16:13 inoculanBusy.lock
>> -rw------- 1 postfix postfix 0 Jan 11 16:13 kasperskyBusy.lock
>> -rw------- 1 postfix postfix 0 Jan 11 16:13 mcafeeBusy.lock
>> -rw------- 1 postfix postfix 0 Jan 11 16:13 MS.bayes.rebuild.lock
>> -rw------- 1 postfix postfix 0 Jan 11 16:13 MS.bayes.starting.lock
>> -rw------- 1 postfix postfix 0 Jan 11 16:13 nod32Busy.lock
>> -rw------- 1 postfix postfix 0 Jan 11 16:13 normanBusy.lock
>> -rw------- 1 postfix postfix 0 Jan 11 16:13 pandaBusy.lock
>> -rw------- 1 postfix postfix 0 Jan 11 16:13 ravBusy.lock
>> -rw------- 1 postfix postfix 0 Jan 11 16:13 sophosBusy.lock
>> -rw------- 1 postfix postfix 0 Jan 11 16:13 symscanengineBusy.lock
>> -rw------- 1 postfix postfix 0 Jan 11 16:13 trendBusy.lock
>> -rw------- 1 postfix postfix 0 Jan 11 16:13 vba32Busy.lock
>> -rw------- 1 postfix postfix 0 Jan 11 16:13 vexiraBusy.lock
>>
>> I did not do your last request as this shows the proper ownership.
>> The questions is: will it hold?
>>
>> Let me know if you still want me to do that last bit.
>>
>> Sorry it took a while to get back to you. I had to run out for a bit.
>>
>> Dave
>>
> Just so you know ... it all went back to being owned by root when
> update_virus_scanner ran from cron again. This is the email I received:
>
> /etc/cron.hourly/update_virus_scanners:
>
> lduid = , ldgid =
Given the above, I made the last little change you suggested and ran it
again, like so:
/usr/sbin/mailscanner_create_locks /var/spool/MailScanner/incoming/Locks
postfix postfix
lduid = 80, ldgid = 80
The second line is what it output. After that, all the permissions in
the Locks directory went back to postfix. Again, will it hold?
Dave
>
>
<snip>
More information about the MailScanner
mailing list