Here's the output, as requested.
Can't really say that I see anything that stands out?
$ sudo SYSTEMD_LOG_LEVEL=debug systemd-tmpfiles --create
Looking for configuration files in (higher priority first):
/etc/tmpfiles.d
/run/tmpfiles.d
/usr/local/lib/tmpfiles.d
/usr/lib/tmpfiles.d
Reading config file "/usr/lib/tmpfiles.d/arch.conf"…
Reading config file "/usr/lib/tmpfiles.d/clamav.conf"…
Reading config file "/usr/lib/tmpfiles.d/colord.conf"…
Reading config file "/usr/lib/tmpfiles.d/dbus.conf"…
Reading config file "/usr/lib/tmpfiles.d/dmraid.conf"…
Reading config file "/usr/lib/tmpfiles.d/etc.conf"…
/usr/lib/tmpfiles.d/etc.conf:12: Ignoring entry L! "/etc/resolv.conf" because --boot is not specified.
/usr/lib/tmpfiles.d/etc.conf:13: Ignoring entry C! "/etc/nsswitch.conf" because --boot is not specified.
/usr/lib/tmpfiles.d/etc.conf:14: Ignoring entry C! "/etc/pam.d" because --boot is not specified.
/usr/lib/tmpfiles.d/etc.conf:15: Ignoring entry C! "/etc/issue" because --boot is not specified.
Reading config file "/usr/lib/tmpfiles.d/fangfrisch.conf"…
Reading config file "/usr/lib/tmpfiles.d/gvfsd-fuse-tmpfiles.conf"…
Reading config file "/usr/lib/tmpfiles.d/home.conf"…
Reading config file "/usr/lib/tmpfiles.d/journal-nocow.conf"…
Reading config file "/run/tmpfiles.d/kmod.conf"…
Reading config file "/usr/lib/tmpfiles.d/legacy.conf"…
/usr/lib/tmpfiles.d/legacy.conf:25: Ignoring entry r! "/forcefsck" because --boot is not specified.
/usr/lib/tmpfiles.d/legacy.conf:26: Ignoring entry r! "/fastboot" because --boot is not specified.
/usr/lib/tmpfiles.d/legacy.conf:27: Ignoring entry r! "/forcequotacheck" because --boot is not specified.
Reading config file "/usr/lib/tmpfiles.d/lightdm.conf"…
Reading config file "/usr/lib/tmpfiles.d/linux-firmware.conf"…
Reading config file "/usr/lib/tmpfiles.d/man-db.conf"…
Reading config file "/usr/lib/tmpfiles.d/mkinitcpio.conf"…
Reading config file "/usr/lib/tmpfiles.d/nscd.conf"…
Reading config file "/usr/lib/tmpfiles.d/pam.conf"…
Reading config file "/usr/lib/tmpfiles.d/portables.conf"…
Reading config file "/usr/lib/tmpfiles.d/sshd.conf"…
Reading config file "/usr/lib/tmpfiles.d/static-nodes-permissions.conf"…
Reading config file "/run/tmpfiles.d/static-nodes.conf"…
/run/tmpfiles.d/static-nodes.conf:1: Ignoring entry c! "/dev/fuse" because --boot is not specified.
/run/tmpfiles.d/static-nodes.conf:2: Ignoring entry c! "/dev/cuse" because --boot is not specified.
/run/tmpfiles.d/static-nodes.conf:3: Ignoring entry c! "/dev/btrfs-control" because --boot is not specified.
/run/tmpfiles.d/static-nodes.conf:4: Ignoring entry c! "/dev/loop-control" because --boot is not specified.
/run/tmpfiles.d/static-nodes.conf:6: Ignoring entry c! "/dev/net/tun" because --boot is not specified.
/run/tmpfiles.d/static-nodes.conf:7: Ignoring entry c! "/dev/ppp" because --boot is not specified.
/run/tmpfiles.d/static-nodes.conf:8: Ignoring entry c! "/dev/userio" because --boot is not specified.
/run/tmpfiles.d/static-nodes.conf:9: Ignoring entry c! "/dev/uinput" because --boot is not specified.
/run/tmpfiles.d/static-nodes.conf:11: Ignoring entry c! "/dev/mapper/control" because --boot is not specified.
/run/tmpfiles.d/static-nodes.conf:12: Ignoring entry c! "/dev/uhid" because --boot is not specified.
/run/tmpfiles.d/static-nodes.conf:14: Ignoring entry c! "/dev/vfio/vfio" because --boot is not specified.
/run/tmpfiles.d/static-nodes.conf:15: Ignoring entry c! "/dev/vhci" because --boot is not specified.
/run/tmpfiles.d/static-nodes.conf:16: Ignoring entry c! "/dev/vhost-net" because --boot is not specified.
/run/tmpfiles.d/static-nodes.conf:17: Ignoring entry c! "/dev/vhost-vsock" because --boot is not specified.
/run/tmpfiles.d/static-nodes.conf:19: Ignoring entry c! "/dev/snd/timer" because --boot is not specified.
/run/tmpfiles.d/static-nodes.conf:21: Ignoring entry c! "/dev/snd/seq" because --boot is not specified.
/run/tmpfiles.d/static-nodes.conf:22: Ignoring entry c! "/dev/rfkill" because --boot is not specified.
Reading config file "/usr/lib/tmpfiles.d/sudo.conf"…
Reading config file "/usr/lib/tmpfiles.d/systemd-nologin.conf"…
/usr/lib/tmpfiles.d/systemd-nologin.conf:11: Ignoring entry F! "/run/nologin" because --boot is not specified.
Reading config file "/usr/lib/tmpfiles.d/systemd-nspawn.conf"…
/usr/lib/tmpfiles.d/systemd-nspawn.conf:22: Ignoring entry R! "/var/lib/machines/.#*" because --boot is not specified.
/usr/lib/tmpfiles.d/systemd-nspawn.conf:23: Ignoring entry R! "/.#machine.*" because --boot is not specified.
Reading config file "/usr/lib/tmpfiles.d/systemd-pstore.conf"…
Reading config file "/usr/lib/tmpfiles.d/systemd-tmp.conf"…
/usr/lib/tmpfiles.d/systemd-tmp.conf:17: Ignoring entry R! "/tmp/systemd-private-*" because --boot is not specified.
/usr/lib/tmpfiles.d/systemd-tmp.conf:18: Ignoring entry R! "/var/tmp/systemd-private-*" because --boot is not specified.
/usr/lib/tmpfiles.d/systemd-tmp.conf:23: Ignoring entry r! "/var/lib/systemd/coredump/.#*" because --boot is not specified.
Reading config file "/usr/lib/tmpfiles.d/systemd.conf"…
/usr/lib/tmpfiles.d/systemd.conf:11: Ignoring entry F! "/run/utmp" because --boot is not specified.
Reading config file "/usr/lib/tmpfiles.d/tmp.conf"…
Reading config file "/usr/lib/tmpfiles.d/udisks2.conf"…
Reading config file "/usr/lib/tmpfiles.d/var.conf"…
Reading config file "/usr/lib/tmpfiles.d/x11.conf"…
/usr/lib/tmpfiles.d/x11.conf:12: Ignoring entry D! "/tmp/.X11-unix" because --boot is not specified.
/usr/lib/tmpfiles.d/x11.conf:13: Ignoring entry D! "/tmp/.ICE-unix" because --boot is not specified.
/usr/lib/tmpfiles.d/x11.conf:14: Ignoring entry D! "/tmp/.XIM-unix" because --boot is not specified.
/usr/lib/tmpfiles.d/x11.conf:15: Ignoring entry D! "/tmp/.font-unix" because --boot is not specified.
/usr/lib/tmpfiles.d/x11.conf:16: Ignoring entry D! "/tmp/.Test-unix" because --boot is not specified.
/usr/lib/tmpfiles.d/x11.conf:19: Ignoring entry r! "/tmp/.X[0-9]*-lock" because --boot is not specified.
Running create action for entry C /etc/crypttab
Copying tree "/usr/share/factory/etc/crypttab" to "/etc/crypttab".
Running create action for entry C /etc/fstab
Copying tree "/usr/share/factory/etc/fstab" to "/etc/fstab".
Running create action for entry C /etc/group
Copying tree "/usr/share/factory/etc/group" to "/etc/group".
Running create action for entry C /etc/gshadow
Copying tree "/usr/share/factory/etc/gshadow" to "/etc/gshadow".
Running create action for entry C /etc/host.conf
Copying tree "/usr/share/factory/etc/host.conf" to "/etc/host.conf".
Running create action for entry C /etc/hosts
Copying tree "/usr/share/factory/etc/hosts" to "/etc/hosts".
Running create action for entry C /etc/issue
Copying tree "/usr/share/factory/etc/issue" to "/etc/issue".
Running create action for entry C /etc/ld.so.conf
Copying tree "/usr/share/factory/etc/ld.so.conf" to "/etc/ld.so.conf".
Running create action for entry C /etc/motd
Copying tree "/usr/share/factory/etc/motd" to "/etc/motd".
Running create action for entry C /etc/nsswitch.conf
Copying tree "/usr/share/factory/etc/nsswitch.conf" to "/etc/nsswitch.conf".
Running create action for entry C /etc/passwd
Copying tree "/usr/share/factory/etc/passwd" to "/etc/passwd".
Running create action for entry C /etc/profile
Copying tree "/usr/share/factory/etc/profile" to "/etc/profile".
Running create action for entry C /etc/securetty
Copying tree "/usr/share/factory/etc/securetty" to "/etc/securetty".
Running create action for entry C /etc/shadow
Copying tree "/usr/share/factory/etc/shadow" to "/etc/shadow".
Running create action for entry C /etc/shells
Copying tree "/usr/share/factory/etc/shells" to "/etc/shells".
Running create action for entry d /run/clamav
Found existing directory "/run/clamav".
"/run/clamav" matches mode 755 already.
Running create action for entry q /var
Found existing directory "/var".
"/var" matches mode 755 already.
Running create action for entry d /var/log
Found existing directory "/var/log".
"/var/log" matches mode 755 already.
Running create action for entry d /var/log/clamav
Found existing directory "/var/log/clamav".
"/var/log/clamav" matches mode 755 already.
Running create action for entry d /var/lib
Found existing directory "/var/lib".
"/var/lib" matches mode 755 already.
Running create action for entry d /var/lib/clamav
Found existing directory "/var/lib/clamav".
"/var/lib/clamav" matches mode 755 already.
Running create action for entry d /var/lib/colord
Found existing directory "/var/lib/colord".
"/var/lib/colord" matches mode 755 already.
Running create action for entry d /var/lib/colord/icc
Found existing directory "/var/lib/colord/icc".
"/var/lib/colord/icc" matches mode 755 already.
Running create action for entry d /var/lib/dbus
Found existing directory "/var/lib/dbus".
"/var/lib/dbus" matches mode 755 already.
Running create action for entry L /var/lib/dbus/machine-id
Found existing symlink "/var/lib/dbus/machine-id".
Running create action for entry d /run/lock
Found existing directory "/run/lock".
"/run/lock" matches mode 755 already.
Running create action for entry d /run/lock/dmraid
Found existing directory "/run/lock/dmraid".
"/run/lock/dmraid" matches mode 1777 already.
Running create action for entry L /etc/os-release
Found existing symlink "/etc/os-release".
Running create action for entry L /etc/mtab
Found existing symlink "/etc/mtab".
Running create action for entry d /var/lib/fangfrisch
Found existing directory "/var/lib/fangfrisch".
"/var/lib/fangfrisch" matches mode 700 already.
Running create action for entry Q /home
Found existing directory "/home".
"/home" matches mode 755 already.
Running create action for entry q /srv
Found existing directory "/srv".
"/srv" matches mode 755 already.
Running create action for entry L /var/lock
Found existing symlink "/var/lock".
Running create action for entry d /run/lock/subsys
Found existing directory "/run/lock/subsys".
"/run/lock/subsys" matches mode 755 already.
Running create action for entry d /run/lightdm
Found existing directory "/run/lightdm".
"/run/lightdm" matches mode 711 already.
Running create action for entry d /var/cache
Found existing directory "/var/cache".
"/var/cache" matches mode 755 already.
Running create action for entry d /var/cache/lightdm
Found existing directory "/var/cache/lightdm".
"/var/cache/lightdm" matches mode 711 already.
Running create action for entry d /var/lib/lightdm
Found existing directory "/var/lib/lightdm".
"/var/lib/lightdm" matches mode 1770 already.
Running create action for entry d /var/lib/lightdm-data
Found existing directory "/var/lib/lightdm-data".
"/var/lib/lightdm-data" matches mode 1770 already.
Running create action for entry d /var/log/lightdm
Found existing directory "/var/log/lightdm".
"/var/log/lightdm" matches mode 711 already.
Running create action for entry d /var/cache/man
Found existing directory "/var/cache/man".
"/var/cache/man" matches mode 755 already.
Running create action for entry d /run/initramfs
Found existing directory "/run/initramfs".
"/run/initramfs" matches mode 755 already.
Running create action for entry d /run/nscd
Found existing directory "/run/nscd".
"/run/nscd" matches mode 755 already.
Running create action for entry d /run/faillock
Found existing directory "/run/faillock".
"/run/faillock" matches mode 755 already.
Running create action for entry Q /var/lib/portables
Found existing directory "/var/lib/portables".
"/var/lib/portables" matches mode 700 already.
Running create action for entry d /var/empty
Found existing directory "/var/empty".
"/var/empty" matches mode 755 already.
Running create action for entry d /dev/net
Found existing directory "/dev/net".
"/dev/net" matches mode 755 already.
Running create action for entry d /dev/mapper
Found existing directory "/dev/mapper".
"/dev/mapper" matches mode 755 already.
Running create action for entry d /dev/vfio
Found existing directory "/dev/vfio".
"/dev/vfio" matches mode 755 already.
Running create action for entry d /dev/snd
Found existing directory "/dev/snd".
"/dev/snd" matches mode 755 already.
Running create action for entry d /dev/snd
Found existing directory "/dev/snd".
"/dev/snd" matches mode 755 already.
Running create action for entry d /run/sudo
Found existing directory "/run/sudo".
"/run/sudo" matches mode 711 already.
Running create action for entry D /run/sudo/ts
Found existing directory "/run/sudo/ts".
"/run/sudo/ts" matches mode 700 already.
Running create action for entry Q /var/lib/machines
Found existing directory "/var/lib/machines".
"/var/lib/machines" matches mode 700 already.
Running create action for entry d /var/lib/systemd
Found existing directory "/var/lib/systemd".
"/var/lib/systemd" matches mode 755 already.
Running create action for entry d /var/lib/systemd/pstore
Found existing directory "/var/lib/systemd/pstore".
"/var/lib/systemd/pstore" matches mode 755 already.
Running create action for entry d /run/user
Found existing directory "/run/user".
"/run/user" matches mode 755 already.
Running create action for entry d /run/systemd/ask-password
Found existing directory "/run/systemd/ask-password".
"/run/systemd/ask-password" matches mode 755 already.
Running create action for entry d /run/systemd/seats
Found existing directory "/run/systemd/seats".
"/run/systemd/seats" matches mode 755 already.
Running create action for entry d /run/systemd/sessions
Found existing directory "/run/systemd/sessions".
"/run/systemd/sessions" matches mode 755 already.
Running create action for entry d /run/systemd/users
Found existing directory "/run/systemd/users".
"/run/systemd/users" matches mode 755 already.
Running create action for entry d /run/systemd/machines
Found existing directory "/run/systemd/machines".
"/run/systemd/machines" matches mode 755 already.
Running create action for entry d /run/systemd/shutdown
Found existing directory "/run/systemd/shutdown".
"/run/systemd/shutdown" matches mode 755 already.
Running create action for entry d /run/systemd/netif
Found existing directory "/run/systemd/netif".
"/run/systemd/netif" matches mode 755 already.
Running create action for entry d /run/systemd/netif/links
Found existing directory "/run/systemd/netif/links".
"/run/systemd/netif/links" matches mode 755 already.
Running create action for entry d /run/systemd/netif/leases
Found existing directory "/run/systemd/netif/leases".
"/run/systemd/netif/leases" matches mode 755 already.
Running create action for entry d /run/systemd/netif/lldp
Found existing directory "/run/systemd/netif/lldp".
"/run/systemd/netif/lldp" matches mode 755 already.
Running create action for entry d /run/log
Found existing directory "/run/log".
"/run/log" matches mode 755 already.
Running create action for entry d /var/lib/systemd/coredump
Found existing directory "/var/lib/systemd/coredump".
"/var/lib/systemd/coredump" matches mode 755 already.
Running create action for entry d /var/lib/private
Found existing directory "/var/lib/private".
"/var/lib/private" matches mode 700 already.
Running create action for entry d /var/log/private
Found existing directory "/var/log/private".
"/var/log/private" matches mode 700 already.
Running create action for entry d /var/cache/private
Found existing directory "/var/cache/private".
"/var/cache/private" matches mode 700 already.
Running create action for entry q /tmp
Found existing directory "/tmp".
"/tmp" matches mode 1777 already.
Running create action for entry q /var/tmp
Found existing directory "/var/tmp".
"/var/tmp" matches mode 1777 already.
Running create action for entry d /run/media
Found existing directory "/run/media".
"/run/media" matches mode 755 already.
Running create action for entry L /var/run
Found existing symlink "/var/run".
Running create action for entry f /var/log/wtmp
"/var/log/wtmp" matches mode 664 already.
Running create action for entry f /var/log/btmp
"/var/log/btmp" matches mode 660 already.
Running create action for entry f /var/log/lastlog
"/var/log/lastlog" matches mode 664 already.
Running create action for entry d /var/spool
Found existing directory "/var/spool".
"/var/spool" matches mode 755 already.
Running create action for entry Z /var/lib/colord
"/var/lib/colord" matches mode 755 already.
"/var/lib/colord/mapping.db" matches mode 755 already.
"/var/lib/colord/storage.db" matches mode 755 already.
"/var/lib/colord/.cache" matches mode 755 already.
"/var/lib/colord/icc" matches mode 755 already.
Failed to determine whether '/run/user/*/gvfs' is below autofs, ignoring: No such file or directory
Running create action for entry x /run/user/*/gvfs
Running create action for entry a /var/log/journal
Setting access ACL u::rwx,g::r-x,g:wheel:r-x,g:adm:r-x,m::r-x,o::r-x on /var/log/journal.
Setting default ACL u::rwx,g::r-x,g:wheel:r-x,g:adm:r-x,m::r-x,o::r-x on /var/log/journal.
Running create action for entry h /var/log/journal
Cannot set file attribute for '/var/log/journal', value=0x00800000, mask=0x00800000, ignoring: Operation not supported
Running create action for entry z /var/log/journal
"/var/log/journal" matches mode 2755 already.
Running create action for entry a /var/log/journal/f8d6449500dc4ca599856aed1a52a178
Setting access ACL u::rwx,g::r-x,g:wheel:r-x,g:adm:r-x,m::r-x,o::r-x on /var/log/journal/f8d6449500dc4ca599856aed1a52a178.
Setting default ACL u::rwx,g::r-x,g:wheel:r-x,g:adm:r-x,m::r-x,o::r-x on /var/log/journal/f8d6449500dc4ca599856aed1a52a178.
Running create action for entry h /var/log/journal/f8d6449500dc4ca599856aed1a52a178
Cannot set file attribute for '/var/log/journal/f8d6449500dc4ca599856aed1a52a178', value=0x00800000, mask=0x00800000, ignoring: Operation not supported
Running create action for entry z /var/log/journal/f8d6449500dc4ca599856aed1a52a178
"/var/log/journal/f8d6449500dc4ca599856aed1a52a178" matches mode 2755 already.
Running create action for entry h /var/log/journal/remote
Cannot set file attribute for '/var/log/journal/remote', value=0x00800000, mask=0x00800000, ignoring: Operation not supported
Running create action for entry w /sys/devices/system/cpu/microcode/reload
Writing to "/sys/devices/system/cpu/microcode/reload".
Running create action for entry z /dev/snd/seq
"/dev/snd/seq" matches mode 660 already.
Running create action for entry z /dev/snd/timer
"/dev/snd/timer" matches mode 660 already.
Running create action for entry z /dev/loop-control
"/dev/loop-control" matches mode 660 already.
Running create action for entry z /dev/net/tun
"/dev/net/tun" matches mode 666 already.
Running create action for entry z /dev/fuse
"/dev/fuse" matches mode 666 already.
Running create action for entry z /dev/kvm
"/dev/kvm" matches mode 666 already.
Failed to determine whether '/tmp/systemd-private-47a214c49c2a4b39aeba776cb9e95e9b-*' is below autofs, ignoring: No such file or directory
Running create action for entry x /tmp/systemd-private-47a214c49c2a4b39aeba776cb9e95e9b-*
Failed to determine whether '/tmp/systemd-private-47a214c49c2a4b39aeba776cb9e95e9b-*/tmp' is below autofs, ignoring: No such file or directory
Running create action for entry X /tmp/systemd-private-47a214c49c2a4b39aeba776cb9e95e9b-*/tmp
Failed to determine whether '/var/tmp/systemd-private-47a214c49c2a4b39aeba776cb9e95e9b-*' is below autofs, ignoring: No such file or directory
Running create action for entry x /var/tmp/systemd-private-47a214c49c2a4b39aeba776cb9e95e9b-*
Failed to determine whether '/var/tmp/systemd-private-47a214c49c2a4b39aeba776cb9e95e9b-*/tmp' is below autofs, ignoring: No such file or directory
Running create action for entry X /var/tmp/systemd-private-47a214c49c2a4b39aeba776cb9e95e9b-*/tmp
Failed to determine whether '/var/lib/systemd/coredump/.#core*.47a214c49c2a4b39aeba776cb9e95e9b*' is below autofs, ignoring: No such file or directory
Running create action for entry x /var/lib/systemd/coredump/.#core*.47a214c49c2a4b39aeba776cb9e95e9b*
Running create action for entry a /run/log/journal
Setting access ACL u::rwx,g::r-x,g:wheel:r-x,g:adm:r-x,m::r-x,o::r-x on /run/log/journal.
Setting default ACL u::rwx,g::r-x,g:wheel:r-x,g:adm:r-x,m::r-x,o::r-x on /run/log/journal.
Running create action for entry z /run/log/journal
"/run/log/journal" matches mode 2755 already.
Failed to determine whether '/run/log/journal/f8d6449500dc4ca599856aed1a52a178' is below autofs, ignoring: No such file or directory
Running create action for entry Z /run/log/journal/f8d6449500dc4ca599856aed1a52a178
Failed to determine whether '/run/log/journal/f8d6449500dc4ca599856aed1a52a178' is below autofs, ignoring: No such file or directory
Running create action for entry a /run/log/journal/f8d6449500dc4ca599856aed1a52a178
Failed to determine whether '/run/log/journal/f8d6449500dc4ca599856aed1a52a178/*.journal*' is below autofs, ignoring: No such file or directory
Running create action for entry a /run/log/journal/f8d6449500dc4ca599856aed1a52a178/*.journal*
Cannot open directory "/run/log/journal/f8d6449500dc4ca599856aed1a52a178": No such file or directory
Running create action for entry a /var/log/journal/f8d6449500dc4ca599856aed1a52a178/system.journal
Setting access ACL u::rw-,g::r-x,g:wheel:r--,g:adm:r--,m::r--,o::--- on /var/log/journal/f8d6449500dc4ca599856aed1a52a178/system.journal.
Running create action for entry z /var/log/journal/f8d6449500dc4ca599856aed1a52a178/system.journal
"/var/log/journal/f8d6449500dc4ca599856aed1a52a178/system.journal" matches mode 640 already.
$
There was a mistake in my original command it should be
# SYSTEMD_LOG_LEVEL=debug systemd-tmpfiles --create
I've read man systemd-tmpfiles and man tmpfiles.d, and see that sudo SYSTEMD_LOG_LEVEL=DEBUG systemd-tmpfiles --create will create a truckload of temporary files - but I'm not sure what I'll actually will be doing?
So I'm a little uneasy about it
With reference to man tmpfiles.d:
/etc/tmpfiles.d is empty.
/run/tmpfiles.d holds two files
/usr/lib/tmpfiles.d holds 30 files (among them clamav.conf)
~/.config/user-tmpfiles.d, $XDG_RUNTIME_DIR/user-tmpfiles.d and ~/.local/share/user-tmpfiles.d are all empty.
clamav.conf contains three lines:
d /run/clamav 0755 clamav clamav
d /var/log/clamav 0755 clamav clamav
d /var/lib/clamav 0755 clamav clamav
All these folders exist, with those permissions, but if they didn't they would have been created by sudo systemd-tmpfiles --create, I gather. The debug log level, will no doubt produce a lot of info, but what are we looking for? As the folders already exists, I gather they would be skipped, and no debug info produced?
Sorry I'm a bit catious about this
]]>I'm not quite sure why the two installs ended up with different access rights, but chmod 644 fixed it for me.
Also, using clamdscan on files not readable by clamav:clamav is solved by using the fdpass parameter to pass the file descriptor permission instead of the file, however that works
It's described in https://wiki.archlinux.org/index.php/Cl … _clamdscan
I'll mark this solved now.
]]>Can it be that the files should be world-readable and the package is a bit off?
They are world-readable in my ls output, and something may have gone wrong upon creation by systemd-tmpfiles .
Posting the output loqs asked should help to determine that.
# SYSTEMD_LOG_LEVEL=DEBUG systemd-tmpfiles --create
I'm sorry if I'm spamming this forum with a thread all by myself (almost - thank's for helping @Lone_Wolf )
Instead of posting again when no one has replied, you can edit your existing post to add more information.
]]>I removed ClamAV and updated my system and booted.
Then I reinstalled and ran freshclam again.
This time I got different access rights to the files. Most curious, methinks:
$ ls -l /var/lib/clamav/
total 438M
-rw-r----- 1 clamav clamav 290K 21.01.2021 11:58 bytecode.cvd
-rw-r--r-- 1 clamav clamav 325M 21.01.2021 14:08 daily.cld
-rw-r----- 1 clamav clamav 113M 21.01.2021 11:58 main.cvd
Anyway, I still got the error on clamscan, so I chmod 644'ed the lot, and now it works.
Can it be that the files should be world-readable and the package is a bit off?
And by the way - I still can't figure out how that daemon-thing is going to be of any use if it can only scan files that are readable to clamav:clamav?
]]>$ cat eicar.com.txt | clamscan -
LibClamAV Error: cli_load(): Can't open file /var/lib/clamav/daily.cvd
LibClamAV Error: cli_loaddbdir(): error loading database /var/lib/clamav/daily.cvd
LibClamAV Error: cli_loaddbdir(): No supported database files found in /var/lib/clamav
ERROR: Can't open file or directory
$ cat eicar.com.txt | clamdscan -
stream: Win.Test.EICAR_HDB-1 FOUND
----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.010 sec (0 m 0 s)
Start Date: 2021:01:21 13:58:22
End Date: 2021:01:21 13:58:22
But even if I stop clamav-daemon.service, I get the same error with clamscan.
And clamdscan can't scan files that clamav-daemon.service can't access:
$ ls -l
total 12K
-rw-r----- 1 user user 68 21.01.2021 12:03 eicar.com.txt
$ clamdscan eicar.com.txt
/home/user/eicar.com.txt: lstat() failed: Permission denied. ERROR
So, I'm a bit at a loss as to how ClamAV is intended to be used...
]]>[2021-01-19T08:44:27+0100] [PACMAN] Running 'pacman -Syu'
[2021-01-19T08:44:27+0100] [PACMAN] synchronizing package lists
[2021-01-19T08:44:27+0100] [PACMAN] starting full system upgrade
[2021-01-21T11:56:06+0100] [PACMAN] Running 'pacman -S clamav'
[2021-01-21T11:56:12+0100] [ALPM] transaction started
[2021-01-21T11:56:12+0100] [ALPM] installed libmspack (1:0.10.1alpha-3)
[2021-01-21T11:56:12+0100] [ALPM] installed clamav (0.103.0-1)
[2021-01-21T11:56:12+0100] [ALPM] transaction completed
[2021-01-21T11:56:12+0100] [ALPM] running '20-systemd-sysusers.hook'...
[2021-01-21T11:56:12+0100] [ALPM-SCRIPTLET] Creating group clamav with gid 64.
[2021-01-21T11:56:12+0100] [ALPM-SCRIPTLET] Creating user clamav (Clam AntiVirus) with uid 64 and gid 64.
[2021-01-21T11:56:12+0100] [ALPM] running '30-systemd-daemon-reload.hook'...
[2021-01-21T11:56:12+0100] [ALPM] running '30-systemd-tmpfiles.hook'...
[2021-01-21T11:56:12+0100] [ALPM] running '30-systemd-update.hook'...
I maybe should have run pacman -Syu before -S clamav... it's been a couple of days, and I see there is a bit in line
Packages (32) alsa-card-profiles-1:0.3.20-1 audit-3.0-1 btrfs-progs-5.10-1 calibre-5.9.0-2 chromium-88.0.4324.96-1 dav1d-0.8.1-1 ffmpeg-2:4.3.1-4 filesystem-2021.01.19-1
gnupg-2.2.27-1 gtk-update-icon-cache-1:4.0.2-1 libedit-20191231_3.1-3 libinih-52-1 libnftnl-1.1.9-1 libplacebo-3.104.0-1 libpulse-14.2-2 linux-5.10.9.arch1-1
mpv-1:0.33.0-4 pam-1.5.1-1 podofo-0.9.7-1 pulseaudio-14.2-2 pulseaudio-bluetooth-14.2-2 pulseaudio-jack-14.2-2 pulseaudio-zeroconf-14.2-2
python-setuptools-1:51.3.3-1 python-virtualenv-20.4.0-1 python2-virtualenv-20.4.0-1 rclone-1.53.4-1 sudo-1.9.5.p1-1 tar-1.33-1 vlc-3.0.12-1 xfsprogs-5.10.0-1
zstd-1.4.8-1
What seems wrong with the files in /var/lib/clamav/ by the way? They look fine to my ignorant eye
]]>$ ls -l /var/lib/clamav/
total 223624
-rw-r--r-- 1 clamav clamav 296388 21 jan 13:13 bytecode.cvd
-rw-r--r-- 1 clamav clamav 110819851 21 jan 13:13 daily.cvd
-rw-r--r-- 1 clamav clamav 117859675 21 jan 13:13 main.cvd
$
Looks like something went wrong with the creation of those folders / files.
Please post /var/log/pacman.log .
No need to post the full log, start at the date/time of your last pacman -Syu .
After running freshclam, I first checked that I have the following files:
$ ls -l /var/lib/clamav
total 219M
-rw-r----- 1 clamav clamav 290K 21.01.2021 11:58 bytecode.cvd
-rw-r----- 1 clamav clamav 106M 21.01.2021 11:57 daily.cvd
-rw-r----- 1 clamav clamav 113M 21.01.2021 11:58 main.cvd
Then I start and enable clamav-freshclam.service and clamav-daemon.service.
Then, checking with the EICAR test file, I get the following error:
$ curl https://secure.eicar.org/eicar.com.txt | clamscan -
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0LibClamAV Error: cli_load(): Can't open file /var/lib/clamav/daily.cvd
LibClamAV Error: cli_loaddbdir(): error loading database /var/lib/clamav/daily.cvd
LibClamAV Error: cli_loaddbdir(): No supported database files found in /var/lib/clamav
ERROR: Can't open file or directory
This is not related to different DatabaseDirectory entries in /etc/clamav/freshclam.conf and /etc/clamav/clamd.conf, as described in the Troubleshooting:
$ grep DatabaseDirectory < /etc/clamav/freshclam.conf
#DatabaseDirectory /var/lib/clamav
$ grep DatabaseDirectory < /etc/clamav/clamd.conf
#DatabaseDirectory /var/lib/clamav
I believe it is related to access rights, but have found no documentation.
Do you know if my user must be in the clamav group or something?