sudo in av_scanner script: effective uid is not 0

Dusan Obradovic dusan at
Tue Jul 17 11:53:50 CEST 2018

> On Jul 13, 2018, at 14:47, Andreas B├╝the <abuethe at> wrote:
> The version used is 'amavisd-new 2.11.0-2el7' (CentOS 7 from epel) without chroot. I checked basics like the suid bit on /usr/bin/sudo, the filesystem / where /usr resides on is not mounted 'nosuid', SELinux is currently disabled for testing purposes, etc.
> I somehow assume that my problem has to do with the read-only filesystem remounts in the amavis worker.

Systemd unit file from epel has some interesting security settings.


#the bounding set is reset to the empty capability set 

#mounts /usr /boot /etc directories read-only for processes invoked by this unit

More information about the amavis-users mailing list