Bug 69605

Summary:	mail-filter/qmail-scanner: write permission denied in qmailscan/
Product:	Gentoo Linux	Reporter:	Ian Truelsen <ian.truelsen>
Component:	Current packages	Assignee:	Net-Mail Packages <net-mail+disabled>
Status:	RESOLVED TEST-REQUEST
Severity:	normal	CC:	carter.smithhart, johan, kg6kvq, mmokrejs
Priority:	High
Version:	unspecified
Hardware:	x86
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---

Description Ian Truelsen 2004-10-31 04:12:13 UTC

I installed qmail-scanner, but I get the dreaded write permission denied error:

ian@dark-lord ian $ qmail-scanner-queue -g
perlscanner: generate new DB file from /var/spool/qmailscan/quarantine-attachments.txt
X-Qmail-Scanner-1.23st:[] cannot open for write /var/spool/qmailscan/quarantine-attachments.db.tmp - Permission denied

I have googled the permission issue and from what I have been able to find, the permissions that I have look to be correct:

ian@dark-lord ian $ ls /var/spool -al
total 28
drwxr-xr-x   7 root   root  4096 Aug 23 08:33 .
drwxr-xr-x  16 ian    users 4096 Aug 23 08:33 ..
-rw-r--r--   1 root   root     0 Oct 30 15:02 .keep
drwxr-x---   4 root   cron  4096 Sep 30  2003 cron
drwx------   3 lp     lp    4096 Oct 11 09:14 cups
drwxr-xr-x   2 root   root  4096 Dec  3  2002 locate
drwxrwxrwt   2 root   mail  4096 Aug 23 08:33 mail
drwxr-xr-x   6 qmailq qmail 4096 Oct 31 03:40 qmailscan

ian@dark-lord ian $ ls /var/spool/qmailscan -al
total 52
drwxr-xr-x  6 qmailq qmail   4096 Oct 31 03:40 .
drwxr-xr-x  7 root   root    4096 Aug 23 08:33 ..
-rw-r--r--  1 root   root       0 Oct 29 12:53 .keep
drwxr-x---  5 qscand qscand  4096 Oct 29 12:53 archive
-rw-------  1 qscand qscand   321 Oct 31 02:10 qmail-queue.log.1
-rw-------  1 qscand qscand    40 Oct 31 02:10 qmail-scanner-queue-version.txt
drwxr-xr-x  5 qscand qscand  4096 Oct 29 12:53 quarantine
-rw-r-----  1 qscand qscand 12288 Sep 14 11:50 quarantine-attachments.db
-rw-r--r--  1 qscand qscand  7414 Oct 29 12:53 quarantine-attachments.txt
-rw-r--r--  1 qscand qscand     0 Oct 29 12:53 quarantine.log
drwxr-x---  3 qscand qscand  4096 Oct 30 02:10 tmp
lrwxrwxrwx  1 qscand qscand    14 Oct 29 12:53 viruses.log -> quarantine.log
drwxr-x---  5 qscand qscand  4096 Oct 29 12:53 working

BTW, I had to chown some of the files manually to get the qscand ownership. However, it still persists in giving me the write permission denied error.

So, I am at a loss to see what the problem is. I don't know if this is a program error, an ebuild error, my error or something else, all I know is that it isn't working and is immensely frustrating :(  Any help would be appreciated.

Interestingly, when I printed out the emerge info for below, I got the following:

Failed to write to mtimedb: [Errno 13] Permission denied: '/var/cache/edb/mtimedb'

What the heck is going on here?

Reproducible: Always
Steps to Reproduce:
1.
2.
3.




Portage 2.0.51-r2 (default-x86-1.4, gcc-3.3.4, glibc-2.3.4.20040808-r1,
2.4.27-grsec-2.0.1 i686)
=================================================================
System uname: 2.4.27-grsec-2.0.1 i686 AMD Athlon(tm) Processor
Gentoo Base System version 1.4.16
ccache version 2.3 [enabled]
Autoconf: sys-devel/autoconf-2.59-r5
Automake: sys-devel/automake-1.8.5-r1
Binutils: sys-devel/binutils-2.14.90.0.8-r1
Headers:  sys-kernel/linux-headers-2.4.19-r1,sys-kernel/linux-headers-2.4.21-r1
Libtools: sys-devel/libtool-1.5.2-r5
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-march=athlon -O3 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
COMPILER=""
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config
/usr/kde/3/share/config /usr/share/config /var/bind /var/qmail/alias
/var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=athlon -O3 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs ccache distlocks emergemail fixpackages sandbox"
GENTOO_MIRRORS="http://gentoo.osuosl.org
http://distro.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://dark-lord.ihtruelsen.dyndns.org/gentoo-portage"
USE="acpi alsa apache2 apm avi berkdb bitmap-fonts cdr crypt cups encode esd f77
foomaticdb gd gdbm gif gpm gtk gtk2 imap imlib java jpeg libg++ libwww mad
maildir mikmod motif mpeg mysql ncurses nls oggvorbis oss pam pdflib perl png
python qt quicktime readline sdl slang spell ssl svga tcpd tiff truetype
virus-scan x86 xml xml2 xprint xv zlib linguas_en"

Comment 1 Matt 2004-11-12 03:17:40 UTC

I think you have the wrong permissions for /var/spool/qmailscan

drwxr-xr-x   6 qmailq qmail 4096 Oct 31 03:40 qmailscan
Should be 
drwxr-xr-x   6 qscand qscand 4096 Oct 31 03:40 qmailscan

$chown qscand:qscand /var/spool/qmailscan
will fix the problem

Comment 2 Lim Swee Tat (RETIRED) gentoo-dev

2004-12-23 19:12:18 UTC

Still problematic??  I think Matt solved the issue.  But I'm not closing till I get a confirmation or 3 days later, whichever comes earlier.

Regards
Lim Swee Tat

Comment 3 Carter Smithhart 2006-01-08 16:32:10 UTC

Ian or Matt, is this still a problem in mail-filter/qmail-scanner-1.25-r1?

Comment 4 Martin Mokrejš 2006-02-06 11:49:40 UTC

I have clamav-0.88 and mail-filter/qmail-scanner-1.25-r1 installed today. This is what I have (after editing /etc/clamd.conf to run as user qscand instead of clamav which is described in other bugs in bugzilla):

# ls /var/spool/qmailscan -al
total 36
drwxr-xr-x 6 qscand root     4096 Feb  6 20:46 .
drwxr-xr-x 8 root   root       94 Feb  6 11:48 ..
-rw-r--r-- 1 root   root        0 Feb  6 20:18 .keep
drwxr-x--- 5 qscand qscand     36 Feb  6 11:48 archive
-rw------- 1 qscand nofiles   396 Feb  6 20:29 mailstats.csv
-rw------- 1 qscand qscand   2991 Feb  6 20:29 qmail-queue.log
-rw------- 1 qscand root       40 Feb  6 20:18 qmail-scanner-queue-version.txt
drwxr-x--- 5 qscand qscand     36 Feb  6 11:48 quarantine
-rw-r----- 1 qscand root    12288 Feb  6 20:46 quarantine-attachments.db
-rw-r--r-- 1 qscand qscand   7414 Feb  6 20:18 quarantine-attachments.txt
-rw-r--r-- 1 qscand qscand      0 Feb  6 20:18 quarantine.log
drwxr-x--- 2 qscand qscand     18 Feb  6 20:29 tmp
lrwxrwxrwx 1 root   root       14 Feb  6 20:18 viruses.log -> quarantine.log
drwxr-x--- 5 qscand qscand     36 Feb  6 11:48 working
#

# qmail-scanner-queue -g
perlscanner: generate new DB file from /var/spool/qmailscan/quarantine-attachments.txt
perlscanner: total of 81 entries.
#

Comment 5 Johan Bondeson 2006-02-08 15:01:10 UTC

I'm having the same problem. I have qmail-scanner-1.25-r1 installed. I get this in the qmail-smtp log:

@4000000043ea76521d2795bc X-Qmail-Scanner-1.25st:[nisse113943917671831689] cannot open /var/spool/qmailscan/qmail-scanner-queue-version.txt - did you initialise the system by running "qmail-scanner-queue.pl -z"? - Permission denied

# ls -la /var/spool/qmailscan
drwxrwsr-x  7 qscand qscand   4096 Feb  8 22:57 .
drwxr-xr-x  9 root   root     4096 Dec 14 20:27 ..
drwxrws---  5 qscand qscand   4096 Dec  9 16:42 archive
-rwxrwx---  1 qscand qscand   3359 Feb  8 22:58 qmail-queue.log
-rwxrwx---  1 qscand qscand    473 Feb  5 03:10 qmail-queue.log.1.gz
-rwxrwx---  1 qscand qscand    467 Jan 29 03:01 qmail-queue.log.2.gz
-rwxrwx---  1 qscand qscand    479 Jan 22 03:11 qmail-queue.log.3.gz
-rwxrwx---  1 qscand qscand    472 Jan 15 03:10 qmail-queue.log.4.gz
-rwxrwx---  1 qscand qscand     42 Feb  8 22:37 qmail-scanner-queue-version.txt
drwxrws---  5 qscand qscand   4096 Dec  9 16:42 quarantine
-rwxrwx---  1 qscand qscand  12288 Feb  8 22:41 quarantine-attachments.db
-rwxrwx---  1 qscand qscand   7414 Dec  9 16:42 quarantine-attachments.txt
-rwxrwx---  1 qscand qscand      0 Feb  5 03:10 quarantine.log
-rwxrwx---  1 qscand qscand     20 Feb  5 03:10 quarantine.log.1.gz
-rwxrwx---  1 qscand qscand     20 Jan 29 03:01 quarantine.log.2.gz
-rwxrwx---  1 qscand qscand     20 Jan 22 03:11 quarantine.log.3.gz
-rwxrwx---  1 qscand qscand     20 Jan 15 03:10 quarantine.log.4.gz
drwxrws---  5 qscand qscand   4096 Dec  9 16:42 spam
drwxrws---  5 qscand qscand   4096 Feb  8 22:58 tmp
lrwxrwxrwx  1 qscand qscand     14 Dec 10 23:35 viruses.log -> quarantine.log
drwxrws---  5 qscand qscand   4096 Dec  9 16:42 working

# emerge --info
Portage 2.0.51.22-r3 (default-linux/x86/2005.1, gcc-3.4.4, glibc-2.3.5-r2, 2.6.14-hardened-r1 i686)
=================================================================
System uname: 2.6.14-hardened-r1 i686 AMD Athlon(tm) XP 2000+
Gentoo Base System version 1.6.13
dev-lang/python:     2.3.5-r2, 2.4.2
sys-apps/sandbox:    1.2.12
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1
sys-devel/libtool:   1.5.20
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=athlon-xp -fomit-frame-pointer -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref /usr/share/config /var/qmail/alias /var/qmail/control /var/vpopmail/domains /var/vpopmail/etc"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=athlon-xp -fomit-frame-pointer -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks sandbox sfperms strict"
GENTOO_MIRRORS="http://ftp.du.se/pub/os/gentoo"
LDFLAGS="-Wl,-O1 -Wl,--sort-common"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 3dnow X aim aliaschain alsa apache2 apm arts audiofile avi berkdb bitmap-fonts bzip2 clamav crypt cups curl dlloader eds emboss encode expat fam foomaticdb fortran ftp fwdzone gcj gd gdbm gif glut gmp gnome gpm gstreamer gtk gtk2 hardened hardenedphp iconv icq idn imagemagick imap imlib innodb ipv6 jabber java javascript jpeg kde lcms ldap libg++ libwww mad maildir mbox mhash mikmod mime mmx mng motif mozilla mp3 mpeg msn multipleip mysql mysqli ncurses nls nptl ogg oggvorbis opengl pam pcre pdflib perl perlsuid php pic png python qmail qt quicktime readline samba sdl semanticfix spamassassin spell ssl svg tcpd tiff truetype truetype-fonts type1-fonts udev userlocales vhosts virus-scan vorbis xml2 xmms xv zlib userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, LANG, LC_ALL, LINGUAS, MAKEOPTS

Comment 6 Johan Bondeson 2006-02-08 15:24:40 UTC

Hi everyone. I solved the problem by doing this:
you need to edit your /etc/tcprules.d/tcp.qmail-smtp to say
QMAILQUE=/var/qmail/bin/qmail-scanner-queue
and not
QMAILQUE=/var/qmail/bin/qmail-scanner-queue.pl
That is, drop the .pl stuff at the end. This does something to the setuid perl module. Dont know what though.

See http://www.gentoo.org/doc/en/qmail-howto.xml for a howto.

Comment 7 Peter Gantner (a.k.a. nephros) 2007-03-28 09:56:40 UTC

(In reply to comment #6)
> Hi everyone. I solved the problem by doing this:
> you need to edit your /etc/tcprules.d/tcp.qmail-smtp to say
> QMAILQUE=/var/qmail/bin/qmail-scanner-queue
> and not
> QMAILQUE=/var/qmail/bin/qmail-scanner-queue.pl
> That is, drop the .pl stuff at the end. This does something to the setuid perl
> module. Dont know what though.
> 
> See http://www.gentoo.org/doc/en/qmail-howto.xml for a howto.

This is documented in the elog message from the qmail-scanner ebuild in the meantime. 
AFAICS also the permissions are set up correctly now.

So, can this be closed?

Comment 8 Thomas Raschbacher gentoo-dev

2007-04-03 23:51:29 UTC

same happened to me today for a different reason.
when it ran qmail-scanner-queue -g it bailed with an error:

perlscanner: generate new DB file from /var/spool/qscan/quarantine-events.txt
X-Qmail-Scanner-2.01st:[] cannot read /var/spool/qscan/quarantine-events.txt - No such file or directory

this was easily solved by just 'touch'-ing that file and running it manually.

that also created a 0 byte db file which then in return later gave a 'bad file descriptor' message in qmail logs. i'll elaborate later after reading more bugs (it's 00:50 here ;))

Comment 9 Tom Wijsman (TomWij) (RETIRED) gentoo-dev

2013-02-14 18:52:12 UTC

*** Bug 99511 has been marked as a duplicate of this bug. ***

Comment 10 Pacho Ramos gentoo-dev

2016-05-06 08:21:21 UTC

Is this still valid with 2.08?