Strange question on file permission

[Dario Lesca]

James Kosin disse:
>
> clamd can be run by almost anyone.  The application by default changes
> the user based on the config file for clamd after starting.  This was so
> a user could not crash clamav and gain root privilages.  (At least I
> think that was the reasoning)

Yes, the application start whit root permission and then change the user
whit a new user based on the config file, this is my setting:

[root at sisborgo log]# grep -i user /etc/clamav.conf
# Run as selected user (clamd must be started by root).
#User clamav
User qscand

therefore the application run whit permission of user "qscand" and NOT the
user "clamav", owner of file clamav.log

[root at sisborgo log]# ps -fea|grep clamd
qscand    2840     1  0 Sep13 ?        00:00:05 /usr/sbin/clamd
[root at sisborgo log]# lsof -u qscand|grep clamd.log
clamd   2840 qscand    3w   REG       58,3    5413  60860 \
/var/log/clamav/clamd.log
[root at sisborgo log]# ls -l /var/log/clamav/clamd.log
-rw-r-----  1 clamav clamav 5413 14 set 21:58 /var/log/clamav/clamd.log

then: the process "clamd" running with permission of user "qscand" write
the clamd.log file with the write permission only for user "clamav".

> | Question: How can the process /usr/sbin/clamd write in this file???
>
> Look at the configuration file!!!

Into configuration files I have found that the process run whit permission
of user "qscand" and clamd would not have to be able to write into
clamd.log!

Probably the file clamd.log is opened when the user is "root", before
modifying the user from "root" to "qscand".
If I ask to process to re-opening log file (killall -HUP clamd, for log
rotation) the file it does not opened.

Therefore the lsof tell lies!
the clamd.log file is non opened from "qscand" but "root" ... this could
be a problem?

some suggest?

Many thanks, and sorry for my bad english

Dario Lesca