Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 26 Sep 2003 19:05:13 +0200
From:      Oliver Eikemeier <eikemeier@fillmore-labs.com>
To:        FreeBSD-gnats-submit@FreeBSD.org, TERAMOTO Masahiro <markun@onohara.to>
Cc:        Norikatsu Shigemura <nork@FreeBSD.org>
Subject:   ports/57256: port security/clamav: should not issue rmuser -y on deinstall
Message-ID:  <3F7471C9.2000606@fillmore-labs.com>

next in thread | raw e-mail | index | archive | help
>Submitter-Id:	current-users
>Originator:	Oliver Eikemeier
>Organization:	Fillmore Labs - http://www.fillmore-labs.com
>Confidential:	no
>Synopsis:	port security/clamav: should not issue rmuser -y on deinstall
>Severity:	serious
>Priority:	medium
>Category:	ports
>Class:		sw-bug
>Release:	FreeBSD 5.1-CURRENT i386
>Environment:
System: FreeBSD nuuk.fillmore-labs.com 5.1-CURRENT

>Description:

PR 53305 added
  @unexec rmuser -y clamav
to pkg-plist.

This deletes the clamav user and any additional files. This
should *only* happen on complete deinstalls, with user
confirmation, *never* on upgrades. The clamav user is
subsequently re-added, with a possible different user id.
Any other group memberships are lost, i.e. if clamav has
been added to the group 'mail' it isn't after an upgrade.

If I integrated clamav in exim following Sheldon Hearns
excellent instructions
  (${PREFIX}/share/doc/exim/POST-INSTALL-NOTES.clamd in the exim port)
my mail server will stop working as a result of the upgrade.

A changing user id implies that clamav can't access /var/run/clamav
and create a socket there.

>How-To-Repeat:

# portupgrade -f 'clamav-*'

--->  Uninstalling the old version
--->  Deinstalling 'clamav-0.60_1'
--->  Preserving /usr/local/lib/libclamav.so.1 as /usr/local/lib/compat/pkg/libclamav.so.1
pkg_delete: '/usr/local/share/clamav/viruses.db' fails original MD5 checksum - deleted anyway.
pkg_delete: '/usr/local/share/clamav/viruses.db2' fails original MD5 checksum - deleted anyway.
/usr/sbin/rmuser: Informational: Home /nonexistent is not a directory, so it won't be removed
Killed process(es) belonging to clamav.
Updating password file, updating databases, done.
Updating group file: mail (removing group clamav -- personal group is empty) done.
Removing files belonging to clamav from /tmp: done.
Removing files belonging to clamav from /var/tmp: done.
Removing files belonging to clamav from /var/tmp/vi.recover: done.
[Updating the pkgdb <format:bdb1_btree> in /var/db/pkg ... - 91 packages found (-1 +0) (...) done]
--->  Installing the new version via the port
===>  Installing for clamav-0.60_2
[...]
===>   Creating custom user to run clamav...
/bin/sh /usr/ports/security/clamav/pkg-install clamav-0.60_2 PRE-INSTALL
=> Added group "clamav".
=> Added user "clamav".

>Fix:

Remove
  @unexec rmuser -y clamav
from pkg-plist. If necessary, add a message in pkg-deinstall, telling the user
to do this step manually.




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3F7471C9.2000606>