(#787434) modify group of /var/run/clamd.scan

After 6 years and reading some reports as bug #787434, #1284253, we need that /var/run/clamd.scan can be read from oher users, changing directory ownerchip to virusgroup, makes clamilt and users of virusgroup group, access to directory and read the socket. This solution also assure that regular user don't have access to the directory .
2018-07-29 07:01:58 +01:00 · 2018-07-29 07:01:58 +01:00 · f1713618d1
commit f1713618d1
parent 8ee8f4650d
1 changed files with 3 additions and 3 deletions
--- a/clamav.spec
+++ b/clamav.spec
@ -509,7 +509,7 @@ install -D -p -m 0644 %SOURCE410 $RPM_BUILD_ROOT%_sysconfdir/init/clamd.scan.con
 install -D -p -m 0644 %SOURCE430 $RPM_BUILD_ROOT%_unitdir/clamd@scan.service

 cat << EOF > $RPM_BUILD_ROOT%_tmpfilesdir/clamd.scan.conf
-d %scanstatedir 0710 %scanuser %scanuser
+d %scanstatedir 0710 %scanuser virusgroup
 EOF

 touch $RPM_BUILD_ROOT%scanstatedir/clamd.{sock,pid}
@ -759,9 +759,9 @@ test "$1"  = 0 || %_initrddir/clamav-milter condrestart >/dev/null || :
 %ghost %scanstatedir/clamd.sock
 %if %{with tmpfiles}
  %_tmpfilesdir/clamd.scan.conf
-  %ghost %dir %attr(0710,%scanuser,%scanuser) %scanstatedir
+  %ghost %dir %attr(0710,%scanuser,virusgroup) %scanstatedir
 %else
-  %dir %attr(0710,%scanuser,%scanuser) %scanstatedir
+  %dir %attr(0710,%scanuser,virusgroup) %scanstatedir
 %endif
 %if %{with sysv}
  %attr(0755,root,root) %config %_initrddir/clamd.scan